Description
This code is vulnerable to CWE-94: Code Injection. The `execute_analysis_code_safely` function is designed to execute user-provided code in a seemingly safe environment. However, it directly takes a string `code` and executes it using the `exec` function. An attacker could craft malicious code as the input `code` string. Since the `exec` function runs the provided code within the context of the defined `namespace`, and the `namespace` includes several important libraries like `pd`, `np`, `json`, etc., an attacker can potentially access and manipulate these libraries to perform unauthorized actions such as reading sensitive files, modifying system configurations, or performing malicious network operations.
introspect/backend/tools/analysis_tools.py
Line 476 in 225d659
Exploit
Since the `os` module cannot be directly imported as it is not included in the `namespace`, an attacker can still try to exploit the vulnerability by leveraging the existing libraries in the `namespace`. For instance, if the `pd` (presumably `pandas`) library is available, the attacker can try to access the underlying system through the library's file-reading capabilities.
The attacker can provide the following malicious code as the `code` parameter when calling the `execute_analysis_code_safely` function:
```python
import pandas as pd
try:
    data = pd.read_csv('/etc/passwd', sep=':', header=None)
    final_result = data.to_csv(sep='\t', na_rep='nan')
except Exception as e:
    final_result = f"Error: {str(e)}"
```
In this code, the attacker uses the `pandas` library's `read_csv` function to read the `/etc/passwd` file. If the operation is successful, the content of the file is converted into a tab-separated string and stored in the `final_result` variable. When the `execute_analysis_code_safely` function runs the provided code, the attacker can then retrieve the content of the `/etc/passwd` file through the `result_text` return value. This way, the attacker can gain access to sensitive system information even without direct access to the `os` module.
Impacted
All versions of the code since b005635 are affected.
From v0.1.0 to v0.1.4
The latest main branch also has this vulnerability.
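A restricted `namespace` does not stop the payload above, so a defender may want to screen submitted code before it ever reaches `exec`. The following is an added example, not code from the project: an AST pre-screen that flags imports, underscore-prefixed names and file-capable library calls, run here over the reported payload. The function name `screen_analysis_code` and both block lists are assumptions made for illustration; a screen like this is one layer only, and the `exec` call still needs to run in an isolated, unprivileged process.

```python
import ast

# Assumed policy for this example; the project defines no such lists,
# and a denylist like this is illustrative, not exhaustive.
BLOCKED_NAMES = {"open", "eval", "exec", "compile", "getattr", "setattr",
                 "globals", "locals", "vars", "input", "breakpoint"}
BLOCKED_ATTRS = {"load", "loadtxt", "genfromtxt", "fromfile", "memmap",
                 "save", "savetxt"}
# "_" catches dunder traversal, "read_" the pandas readers, and "to_" the
# pandas writers (strict: this also refuses harmless calls such as to_dict).
BLOCKED_ATTR_PREFIXES = ("_", "read_", "to_")


def screen_analysis_code(code: str) -> list[tuple[int, str]]:
    """Return (line, reason) policy violations, sorted by line; empty if none."""
    try:
        tree = ast.parse(code)
    except SyntaxError as exc:
        return [(exc.lineno or 0, f"does not parse: {exc.msg}")]
    found = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            found.append((node.lineno, "import statement"))
        elif isinstance(node, ast.Name):
            if node.id in BLOCKED_NAMES or node.id.startswith("_"):
                found.append((node.lineno, f"name {node.id}"))
        elif isinstance(node, ast.Attribute):
            if (node.attr.startswith(BLOCKED_ATTR_PREFIXES)
                    or node.attr in BLOCKED_ATTRS):
                found.append((node.lineno, f"attribute .{node.attr}"))
    return sorted(found)


# The payload from the report, embedded as a string and never executed.
REPORTED_PAYLOAD = """import pandas as pd
try:
    data = pd.read_csv('/etc/passwd', sep=':', header=None)
    final_result = data.to_csv(sep='\\t', na_rep='nan')
except Exception as e:
    final_result = f"Error: {str(e)}"
"""

# Constructed benign submission that uses only in-memory operations.
BENIGN_SAMPLE = "final_result = json.dumps({'mean': float(np.mean([1, 2, 3]))})"

if __name__ == "__main__":
    for line, reason in screen_analysis_code(REPORTED_PAYLOAD):
        print(f"rejected at line {line}: {reason}")
```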