fix(security): tenant-scope FilePreviewApi text-extract endpoint (GHSA-2qwc-c2cc-2xwv)#35797
Merged
laipz8200 merged 5 commits, May 14, 2026
Signed-off-by: xr843 <137012659+xr843@users.noreply.github.com>
The tenant-scoping fix calls current_account_with_tenant() in FilePreviewApi.get, which hits flask-login and trips on a Flask app without login_manager configured. Reuse the existing mock_account_context fixture to short-circuit it.
laipz8200 approved these changes on May 14, 2026 and left a comment:
Thanks for your contribution.
zhangtaodemama added a commit to zhangtaodemama/langgenius-dify-bfaadcb0c706 that referenced this pull request on May 14, 2026.
Summary
api/controllers/console/files.py FilePreviewApi.get (the console-authenticated /files/<file_id>/preview text-extract endpoint) only checked authentication; the underlying FileService.get_file_preview(file_id) looked the file up by id alone, with no tenant filter. An authenticated user from tenant A could read the extracted-text preview of any UploadFile whose UUID they could obtain (or guess), including files belonging to other tenants.

Fix
Two surgical changes:
- FileService.get_file_preview now takes tenant_id and adds UploadFile.tenant_id == tenant_id to the lookup query.
- FilePreviewApi.get resolves the caller's tenant via current_account_with_tenant() and passes it through.
- 5 existing test sites (3 integration, 2 unit) updated for the new signature.
Scope of audit
I grepped for other callers of get_file_preview. Only the console controller and the 5 test sites — no other production callers to update. The HMAC-signed file endpoints (api/controllers/files/image_preview.py ImagePreviewApi/FilePreviewApi) are a different code path: they verify a per-file HMAC signature instead of relying on session auth, so cross-tenant access there requires already possessing a valid signature for the target file. Not affected by this advisory; not changed in this PR.

Refs

Credit / authorship
This PR applies Ido Shani's original patch verbatim (git am). Both commits authored by him. PR opened by me on his behalf since he didn't have permission to add me to the GHSA — see #35699. Marking as draft until reporter / a maintainer signs off.
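To make the before/after in the summary concrete, here is an added example that is not Dify's code and not the PR's patch: an in-memory sqlite3 table stands in for the UploadFile model, and the names get_file_preview_unscoped, get_file_preview, preview_endpoint, the table upload_files and the tenant and file ids are all constructed assumptions chosen to mirror the description above. It shows the id-only lookup handing tenant A the extracted text of tenant B's file, and the tenant-filtered lookup answering the same request with a 404.

```python
"""Tenant-scoped preview lookup: vulnerable pattern beside the fixed one.

Added example, not Dify's code. An in-memory sqlite3 table plays the role
of the UploadFile model; names and ids below are assumptions.
"""
import sqlite3

# Constructed sample data: one file per tenant, fixed ids so results are
# deterministic.
TENANT_A = "tenant-a"
TENANT_B = "tenant-b"
FILE_A = "00000000-0000-4000-8000-00000000000a"
FILE_B = "00000000-0000-4000-8000-00000000000b"


class FileNotFoundForTenant(Exception):
    """Raised when no row matches. The same error covers 'no such file' and
    'file belongs to another tenant', so the response does not confirm
    whether a guessed UUID exists."""


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE upload_files ("
        "id TEXT PRIMARY KEY, tenant_id TEXT NOT NULL, extracted_text TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO upload_files VALUES (?, ?, ?)",
        [
            (FILE_A, TENANT_A, "tenant A confidential notes"),
            (FILE_B, TENANT_B, "tenant B contract draft"),
        ],
    )
    return conn


def get_file_preview_unscoped(conn: sqlite3.Connection, file_id: str) -> str:
    # Before the fix: selected by id alone, so any authenticated caller who
    # knows the UUID receives the text regardless of tenant.
    row = conn.execute(
        "SELECT extracted_text FROM upload_files WHERE id = ?", (file_id,)
    ).fetchone()
    if row is None:
        raise FileNotFoundForTenant(file_id)
    return row[0]


def get_file_preview(conn: sqlite3.Connection, file_id: str, tenant_id: str) -> str:
    # After the fix: the tenant filter is part of the query itself, mirroring
    # the PR's UploadFile.tenant_id == tenant_id predicate.
    row = conn.execute(
        "SELECT extracted_text FROM upload_files WHERE id = ? AND tenant_id = ?",
        (file_id, tenant_id),
    ).fetchone()
    if row is None:
        raise FileNotFoundForTenant(file_id)
    return row[0]


def preview_endpoint(conn: sqlite3.Connection, session_tenant_id: str, file_id: str) -> tuple:
    """Stand-in for the controller. The tenant id must come from the
    authenticated session (the PR uses current_account_with_tenant()),
    never from the request, or the caller could choose any tenant."""
    try:
        return 200, get_file_preview(conn, file_id, session_tenant_id)
    except FileNotFoundForTenant:
        return 404, "not found"


def cross_tenant_regression(conn: sqlite3.Connection) -> dict:
    """Regression check: tenant A must not read tenant B's preview, while
    reads of a tenant's own file keep working."""
    return {
        "unscoped_leaks": get_file_preview_unscoped(conn, FILE_B)
        == "tenant B contract draft",
        "scoped_status": preview_endpoint(conn, TENANT_A, FILE_B)[0],
        "own_file_status": preview_endpoint(conn, TENANT_A, FILE_A)[0],
    }


if __name__ == "__main__":
    print(cross_tenant_regression(build_db()))
```

Two design points carry over to the real fix: the tenant id is read from the session only, and the scoped query returns the same "not found" for a foreign file as for a nonexistent one, so the endpoint neither leaks content nor confirms that a guessed id exists.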