[Vulnerability Report] CWE-94 Code Injection in execute_analysis_code_safely Function #495

Closed
ybdesire opened this issue May 2, 2025 · 1 comment


ybdesire commented May 2, 2025

Description

This code is vulnerable to CWE-94: Code Injection. The execute_analysis_code_safely function is designed to execute user-provided code in a seemingly safe environment. However, it directly takes a string code and executes it using the exec function. An attacker could craft malicious code as the input code string. Since the exec function runs the provided code within the context of the defined namespace, and the namespace includes several important libraries like pd, np, json, etc., an attacker can potentially access and manipulate these libraries to perform unauthorized actions such as reading sensitive files, modifying system configurations, or performing malicious network operations.

exec(wrapped_code, namespace)

Exploit

Since the os module cannot be directly imported as it is not included in the namespace, an attacker can still try to exploit the vulnerability by leveraging the existing libraries in the namespace. For instance, if the pd (presumably pandas) library is available, the attacker can try to access the underlying system through the library's file-reading capabilities.

The attacker can provide the following malicious code as the code parameter when calling the execute_analysis_code_safely function:

import pandas as pd
try:
    data = pd.read_csv('/etc/passwd', sep=':', header=None)
    final_result = data.to_csv(sep='\t', na_rep='nan')
except Exception as e:
    final_result = f"Error: {str(e)}"

In this code, the attacker uses the pandas library's read_csv function to read the /etc/passwd file. If the operation is successful, the content of the file is converted into a tab-separated string and stored in the final_result variable. When the execute_analysis_code_safely function runs the provided code, the attacker can then retrieve the content of the /etc/passwd file through the result_text return value. This way, the attacker can gain access to sensitive system information even without direct access to the os module.

Impacted

All versions of code are affected since: b005635

From v0.1.0 to v0.1.4

The latest main branch also has this vulnerability.

@rishsriv
Member

Thank you for the note. We have added some workarounds to address this in #502, but will not be implementing a full fix. This is because this repo is meant to be run in a docker environment, which will significantly mitigate potential security risks.

Having said that, we have added a SECURITY section in our README to make this clearer to users.

@rishsriv closed this as not planned on May 20, 2025
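
A defence-in-depth pre-check for the pattern reported in this issue, added here as an example and not taken from the project or from #502: it parses a submitted snippet with `ast` and refuses imports, private attributes, file-capable pandas/numpy attributes and non-allowlisted names before anything reaches `exec`. The allowlist, the deny list, `df` and the function name are assumptions, and a static filter like this is not a sandbox, so process or container isolation still has to be the real boundary.

```python
import ast

# Assumption: names the host pre-binds in the exec namespace (the issue lists
# pd, np, json); `df` and the builtins below are hypothetical additions.
ALLOWED_GLOBALS = {"pd", "np", "json", "df", "len", "sum", "min", "max", "round"}
# Assumption: attribute names in pandas/numpy that touch files or URLs, or that
# evaluate strings as expressions. A deny list like this is never complete.
IO_PREFIXES = ("read_", "to_", "save")
IO_NAMES = {"load", "loadtxt", "genfromtxt", "fromfile", "tofile", "memmap",
            "eval", "query"}

def find_violations(code: str) -> list[str]:
    """Return reasons to refuse `code`; an empty list means the pre-check passed."""
    try:
        tree = ast.parse(code)
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg}"]
    # Names the snippet assigns itself may be read back later in the snippet.
    assigned = {n.id for n in ast.walk(tree)
                if isinstance(n, ast.Name) and isinstance(n.ctx, ast.Store)}
    problems = []
    for node in ast.walk(tree):
        line = getattr(node, "lineno", 0)
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            problems.append(f"line {line}: import statement")
        elif isinstance(node, ast.Attribute):
            if node.attr.startswith("_"):
                problems.append(f"line {line}: private attribute {node.attr}")
            elif node.attr.startswith(IO_PREFIXES) or node.attr in IO_NAMES:
                problems.append(f"line {line}: I/O-capable attribute {node.attr}")
        elif isinstance(node, ast.Name) and isinstance(node.ctx, ast.Load):
            if node.id not in ALLOWED_GLOBALS and node.id not in assigned:
                problems.append(f"line {line}: name {node.id} is not allowlisted")
    return problems

# The snippet quoted in the issue, parsed here as test input and never executed.
REPORTED = r"""import pandas as pd
try:
    data = pd.read_csv('/etc/passwd', sep=':', header=None)
    final_result = data.to_csv(sep='\t', na_rep='nan')
except Exception as e:
    final_result = f"Error: {str(e)}"
"""
# Constructed benign snippet; `df` is the assumed pre-bound DataFrame.
BENIGN = "final_result = round(df['revenue'].mean(), 2)\n"

if __name__ == "__main__":
    print("\n".join(find_violations(REPORTED)))
    print("benign:", find_violations(BENIGN))
```

The deny list blocks harmless calls such as `to_dict` along with the file-writing ones; that over-blocking is deliberate, since the check exists to fail closed.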