dify/api/core/helper
Devbyteai 26444d8b6c fix(template-transform): use base64 encoding for Jinja2 templates
When Jinja2 templates containing special characters (quotes, newlines)
were embedded directly in the generated Python script using triple-quoted
strings, the script would break. This fix encodes the template as base64
before embedding, then decodes it at runtime.

Root cause: Templates were inserted via string replacement into a Python
script like `jinja2.Template('''...''')`. If the template contained `'''`,
the generated script had a syntax error.

Solution: Add serialize_code() method to base64-encode templates, then
override assemble_runner_script() in Jinja2TemplateTransformer to use
the encoded template with runtime decoding.

This specifically affects Jinja2 templates - Python3 and JavaScript
transformers insert user code at the top level (not inside strings),
so they don't have this vulnerability.

Fixes #26818
2025-12-26 20:08:12 +02:00
code_executor fix(template-transform): use base64 encoding for Jinja2 templates 2025-12-26 20:08:12 +02:00
__init__.py feat: server multi models support (#799) 2023-08-12 00:57:00 +08:00
credential_utils.py Feat/credential policy (#25151) 2025-09-08 23:45:05 -07:00
csv_sanitizer.py fix: csv injection in annotations export (#29462) 2025-12-15 17:14:05 +08:00
download.py Introduce Plugins (#13836) 2025-02-17 17:05:13 +08:00
encrypter.py feat: knowledge pipeline (#25360) 2025-09-18 12:49:10 +08:00
http_client_pooling.py improve: pooling httpx clients for requests to code sandbox and ssrf (#26052) 2025-09-24 22:14:50 +08:00
marketplace.py feat(api): Implement EventManager error logging and add coverage (#29204) 2025-12-08 09:40:40 +08:00
model_provider_cache.py chore: add ast-grep rule to convert Optional[T] to T | None (#25560) 2025-09-15 13:06:33 +08:00
moderation.py make logging not use f-str, change others to f-str (#22882) 2025-07-25 10:32:48 +08:00
module_import_helper.py rm type ignore (#25715) 2025-10-21 11:26:58 +08:00
name_generator.py feat: introduce trigger functionality (#27644) 2025-11-12 17:59:37 +08:00
position_helper.py feat(stress-test): add comprehensive stress testing suite using Locust (#25617) 2025-09-12 22:25:05 +08:00
provider_cache.py chore: add ast-grep rule to convert Optional[T] to T | None (#25560) 2025-09-15 13:06:33 +08:00
provider_encryption.py feat: introduce trigger functionality (#27644) 2025-11-12 17:59:37 +08:00
ssrf_proxy.py fix: fix use build_request lead unexpect param (#30095) 2025-12-24 17:23:30 +08:00
tool_parameter_cache.py chore: add ast-grep rule to convert Optional[T] to T | None (#25560) 2025-09-15 13:06:33 +08:00
tool_provider_cache.py perf: using pipeline to delete redis cache (#30159) 2025-12-25 17:04:37 +08:00
trace_id_helper.py chore: add ast-grep rule to convert Optional[T] to T | None (#25560) 2025-09-15 13:06:33 +08:00