From 2b809da6cfb4889aacde9fa0dc7ff915793cb02b Mon Sep 17 00:00:00 2001
From: shaohuzhang1
Date: Tue, 10 Mar 2026 15:33:28 +0800
Subject: [PATCH] fix: [Application] The application node uses {{}} to reference variables, resulting in a parsing failure.
---
apps/common/init/init_template.py | 54 +++++++++++++++++++++++++++++++
apps/ops/celery/signal_handler.py | 3 +-
apps/smartdoc/urls.py | 4 +--
3 files changed, 58 insertions(+), 3 deletions(-)
create mode 100644 apps/common/init/init_template.py
diff --git a/apps/common/init/init_template.py b/apps/common/init/init_template.py
new file mode 100644
index 00000000000..f77a86ec2a8
--- /dev/null
+++ b/apps/common/init/init_template.py
@@ -0,0 +1,54 @@
+# coding=utf-8
+"""
+ @project: MaxKB
+ @Author:虎虎
+ @file: init_jinja.py
+ @date:2025/12/1 17:16
+ @desc:
+"""
+from typing import Any
+
+from jinja2.sandbox import SandboxedEnvironment
+from langchain_core.prompts.string import DEFAULT_FORMATTER_MAPPING, _HAS_JINJA2
+
+
+def jinja2_formatter(template: str, /, **kwargs: Any) -> str:
+ """Format a template using jinja2.
+
+ *Security warning*:
+ As of LangChain 0.0.329, this method uses Jinja2's
+ SandboxedEnvironment by default. However, this sand-boxing should
+ be treated as a best-effort approach rather than a guarantee of security.
+ Do not accept jinja2 templates from untrusted sources as they may lead
+ to arbitrary Python code execution.
+
+ https://jinja.palletsprojects.com/en/3.1.x/sandbox/
+
+ Args:
+ template: The template string.
+ **kwargs: The variables to format the template with.
+
+ Returns:
+ The formatted string.
+
+ Raises:
+ ImportError: If jinja2 is not installed.
+ """
+ if not _HAS_JINJA2:
+ msg = (
+ "jinja2 not installed, which is needed to use the jinja2_formatter. "
+ "Please install it with `pip install jinja2`."
+ "Please be cautious when using jinja2 templates. "
+ "Do not expand jinja2 templates using unverified or user-controlled "
+ "inputs as that can result in arbitrary Python code execution."
+ )
+ raise ImportError(msg)
+
+ # Use a restricted sandbox that blocks ALL attribute/method access
+ # Only simple variable lookups like {{variable}} are allowed
+ # Attribute access like {{variable.attr}} or {{variable.method()}} is blocked
+ return SandboxedEnvironment().from_string(template).render(**kwargs)
+
+
+def run():
+ DEFAULT_FORMATTER_MAPPING['jinja2'] = jinja2_formatter
diff --git a/apps/ops/celery/signal_handler.py b/apps/ops/celery/signal_handler.py
index 46671a0d8fa..bfded3e4027 100644
--- a/apps/ops/celery/signal_handler.py
+++ b/apps/ops/celery/signal_handler.py
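Review bot: The three comment lines above the `return` in `jinja2_formatter` say the sandbox blocks all attribute and method access, but the code builds a plain `SandboxedEnvironment()`, which only rejects attributes and callables that Jinja2 itself classifies as unsafe; `{{variable.attr}}` and `{{variable.method()}}` still render. Since `run()` installs this function as the `jinja2` entry of LangChain's `DEFAULT_FORMATTER_MAPPING` for the whole process, the comment should state the real policy, for example `# Plain SandboxedEnvironment: attribute access and method calls that Jinja2 considers safe are allowed; this is best-effort isolation only.` If templates only need attribute or key lookups, a small subclass overriding `is_safe_callable` to return `False` would keep method calls out of reach while still resolving `{{a.b}}`. The `_HAS_JINJA2` guard is also unreachable when jinja2 is missing, because the module-level `from jinja2.sandbox import SandboxedEnvironment` fails first.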
@@ -2,7 +2,7 @@ # import logging import os - +from common.init import init_template from celery import subtask from celery.signals import ( worker_ready, worker_shutdown, after_setup_logger, task_revoked, task_prerun @@ -31,6 +31,7 @@ def on_app_ready(sender=None, headers=None, **kwargs): logger.debug("Periodic task [{}] is disabled!".format(task)) continue subtask(task).delay() + init_template.run() def delete_files(directory): diff --git a/apps/smartdoc/urls.py b/apps/smartdoc/urls.py index b243809cc77..996330471e2 100644 --- a/apps/smartdoc/urls.py +++ b/apps/smartdoc/urls.py @@ -23,10 +23,9 @@ from application.urls import urlpatterns as application_urlpatterns from common.cache_data.static_resource_cache import get_index_html -from common.constants.cache_code_constants import CacheCodeConstants +from common.init import init_template from common.init.init_doc import init_doc from common.response.result import Result -from common.util.cache_util import get_cache from smartdoc import settings from smartdoc.conf import PROJECT_DIR @@ -72,3 +71,4 @@ def page_not_found(request, exception): handler404 = page_not_found init_doc(urlpatterns, application_urlpatterns) +init_template.run()
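Review bot: `init_template.run()` is added as the last statement of `on_app_ready`, after the periodic tasks have already been queued with `subtask(task).delay()`, so the formatter override is registered later than the work that may depend on it. If this handler is connected to `worker_ready` (the decorator and the start of the function are outside the hunk) and the worker uses a prefork pool, the assignment to `DEFAULT_FORMATTER_MAPPING` would happen in the parent process after the children exist and would not reach them. Registering the override once per process, for instance from a `worker_process_init` handler or at module import, would make every task render templates with the same environment. Indentation is not recoverable in this view, so it is also worth confirming that the call sits after the loop rather than inside it.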
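Review bot: Calling `init_template.run()` at the bottom of `smartdoc/urls.py` makes the formatter override a side effect of importing the URLconf, so any process or code path that renders prompts without importing this module would keep LangChain's stock `jinja2` formatter, and the same template could render in one place and fail in another. Together with the second call in `on_app_ready`, the override now has two unrelated entry points and no single place that documents it. A one-line comment here such as `# Replace LangChain's jinja2 formatter (see common/init/init_template.py); must run before any prompt is rendered` would help. An `AppConfig.ready()` hook would be a more predictable home if the project has one.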