feat: allow pass hostname in docker env

[tomerqodo]

Benchmark PR from agentic-review-benchmarks#6

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (1) 📎 Requirement gaps (0)

1. Unvalidated SMTP_LOCAL_HOSTNAME used 📘 Rule violation ⛨ Security

Description

• SMTP_LOCAL_HOSTNAME is treated as an arbitrary external input and is used directly for EHLO
  without any validation/sanitization.
• When unset, local_host becomes an empty string and is still passed to smtp.ehlo(local_host),
  which can trigger SMTP protocol errors depending on server behavior.
• This violates the requirement to handle edge cases and validate external inputs before use.

Code

api/libs/smtp.py[R25-36]

+        local_host = dify_config.SMTP_LOCAL_HOSTNAME or ""
        try:
-            if self.use_tls:
-                if self.opportunistic_tls:
-                    smtp = smtplib.SMTP(self.server, self.port, timeout=10)
-                    # Send EHLO command with the HELO domain name as the server address
-                    smtp.ehlo(self.server)
-                    smtp.starttls()
-                    # Resend EHLO command to identify the TLS session
-                    smtp.ehlo(self.server)
-                else:
-                    smtp = smtplib.SMTP_SSL(self.server, self.port, timeout=10)
-            else:
-                smtp = smtplib.SMTP(self.server, self.port, timeout=10)
+            # Use ternary to select SMTP class based on TLS mode
+            smtp = (smtplib.SMTP_SSL if (self.use_tls and not self.opportunistic_tls) else smtplib.SMTP)(
+                self.server, self.port, timeout=10, local_hostname=local_host or None
+            )
+
+            assert smtp is not None
+            if self.use_tls and self.opportunistic_tls:
+                smtp.ehlo(local_host)
+                smtp.starttls()
+                smtp.ehlo(local_host)

Evidence

The checklist requires explicit validation/sanitization of external inputs and explicit handling of
null/empty edge cases. The new code reads SMTP_LOCAL_HOSTNAME and uses it directly for ehlo()
while allowing the empty-string case.

Rule 6: Generic: Security-First Input Validation and Data Handling
Rule 3: Generic: Robust Error Handling and Edge Case Management
api/libs/smtp.py[23-36]

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`SMTP_LOCAL_HOSTNAME` (external config input) is used directly for `EHLO` and can be empty/invalid, causing SMTP handshake errors and failing the input validation requirement.

## Issue Context
Current behavior sets `local_host = dify_config.SMTP_LOCAL_HOSTNAME or ""` and then calls `smtp.ehlo(local_host)` even when it is empty.

## Fix Focus Areas
- api/libs/smtp.py[23-36]
- api/configs/feature/__init__.py[952-956]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

ⓘ The new review experience is currently in Beta. Learn more

[qodo-code-review]

1. Unvalidated smtp_local_hostname used 📘 Rule violation ⛨ Security

• SMTP_LOCAL_HOSTNAME is treated as an arbitrary external input and is used directly for EHLO
  without any validation/sanitization.
• When unset, local_host becomes an empty string and is still passed to smtp.ehlo(local_host),
  which can trigger SMTP protocol errors depending on server behavior.
• This violates the requirement to handle edge cases and validate external inputs before use.

Agent prompt

## Issue description
`SMTP_LOCAL_HOSTNAME` (external config input) is used directly for `EHLO` and can be empty/invalid, causing SMTP handshake errors and failing the input validation requirement.

## Issue Context
Current behavior sets `local_host = dify_config.SMTP_LOCAL_HOSTNAME or ""` and then calls `smtp.ehlo(local_host)` even when it is empty.

## Fix Focus Areas
- api/libs/smtp.py[23-36]
- api/configs/feature/__init__.py[952-956]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools