Skip to content

fix: remove unsafe eval() in utils.py#983

Open
orbisai0security wants to merge 1 commit into
NaiboWang:masterfrom
orbisai0security:fix-eval-restricted-execution-environment
Open

fix: remove unsafe eval() in utils.py#983
orbisai0security wants to merge 1 commit into
NaiboWang:masterfrom
orbisai0security:fix-eval-restricted-execution-environment

Conversation

@orbisai0security

Copy link
Copy Markdown
Contributor

Summary

Fix high severity security issue in ExecuteStage/utils.py.

Vulnerability

Field Value
ID V-003
Severity HIGH
Scanner multi_agent_ai
Rule V-003
File ExecuteStage/utils.py:600
Assessment Likely exploitable

Description: The replace_field_values function in utils.py uses eval() to execute Python code from task configuration files. While there is some attempt to sanitize inputs with repr(), the eval() function inherently allows arbitrary code execution if an attacker can bypass the substitution mechanism or inject malicious code in other parts of the expression.

Evidence

Exploitation scenario: An attacker who can control the content of a task configuration file can inject malicious Python code in an eval() expression.

Scanner confirmation: multi_agent_ai rule V-003 flagged this pattern.

Changes

  • ExecuteStage/utils.py

Verification

  • Build passes
  • Scanner re-scan confirms fix
  • LLM code review passed

Security Invariant

Property: The security boundary is maintained under adversarial input

Regression test
import pytest
import sys
import os

# Add the module path to sys.path
sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))

from ExecuteStage.utils import replace_field_values


@pytest.mark.parametrize("payload", [
    # Exact exploit case: malicious eval injection
    "eval('__import__(\"os\").system(\"echo malicious\")')",
    # Boundary case: nested eval with dangerous operations
    "eval(eval('\"__import__(\\\"os\\\")\"'))",
    # Valid input: safe eval usage
    "eval('1 + 1')",
    # Edge case: eval with backticks (deprecated but dangerous if allowed)
    "eval('__import__(\"subprocess\").check_output(\"ls\")')",
    # Simple injection attempt
    "eval('exec(\"open(\'/etc/passwd\').read()\")')",
])
def test_eval_inputs_do_not_execute_arbitrary_code(payload):
    """Invariant: eval() calls in replace_field_values must not execute arbitrary code from untrusted inputs."""
    
    # Setup minimal required parameters
    outputParameters = {"Field": {"test": "safe_value"}}
    
    # The function expects a dictionary with specific structure
    task_config = {
        "some_key": payload
    }
    
    # Call the actual function - if arbitrary code execution occurs,
    # it will happen during this call
    try:
        result = replace_field_values(task_config, outputParameters)
        
        # If we reach here without system calls being executed,
        # the test passes. We can add additional checks:
        # Ensure no dangerous strings appear in output
        assert "__import__" not in str(result)
        assert "os.system" not in str(result)
        assert "subprocess" not in str(result)
        
    except Exception as e:
        # The function might raise exceptions for malformed inputs,
        # which is acceptable as long as no code was executed
        assert "malicious" not in str(e).lower()

This test guards against regressions — it's useful independent of the code change above.


Automated security fix by OrbisAI Security

Automated security fix generated by OrbisAI Security
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant