
[Security]: code injection in add_llm which can lead to full control of the online RAGflow server #1860

Closed
1 task done
Lyutoon opened this issue Aug 7, 2024 · 2 comments
Assignees
Labels
bug Something isn't working

Comments

@Lyutoon
Contributor

Lyutoon commented Aug 7, 2024

Is there an existing issue for the same bug?

  • I have checked the existing issues.

Branch name

main

Commit ID

main

Other environment information

No response

Actual behavior

Code injection which can lead to RCE in add_llm; an attacker can compromise the online RAGflow server.

```python
temp = list(eval(req["llm_name"]).items())[0]
```

```python
@manager.route('/add_llm', methods=['POST'])
@login_required
@validate_request("llm_factory", "llm_name", "model_type")
def add_llm():
    req = request.json
    factory = req["llm_factory"]

    if factory == "VolcEngine":
        # For VolcEngine, due to its special authentication method
        # Assemble volc_ak, volc_sk, endpoint_id into api_key
        # eval() is applied to the user-supplied llm_name field
        temp = list(eval(req["llm_name"]).items())[0]
        llm_name = temp[0]
        endpoint_id = temp[1]
        api_key = '{' + f'"volc_ak": "{req.get("volc_ak", "")}", ' \
                        f'"volc_sk": "{req.get("volc_sk", "")}", ' \
                        f'"ep_id": "{endpoint_id}", ' + '}'
```

Uses unsafe eval, which can cause RCE and give full control of the RAGflow server.

Expected behavior

No code executed.

Steps to reproduce

To reproduce the security issue quickly, you can just use the online RAGflow demo at `http://demo.ragflow.io/`. An attacker can get full control of the demo server with a reverse shell.

1. login and go to profile `http://demo.ragflow.io/user-setting/profile`.
2. Add `VolcEngine` model.
3. Inject the code in model name.

Please refer to Additional information to see the screenshots.

Additional information

Add VolcEngine model:
(screenshot)

Code injection: my VPS received the request from the server. If the attacker wants, it can reverse a shell to its VPS and gain full control of the server:
(screenshot)

@Lyutoon Lyutoon added the bug Something isn't working label Aug 7, 2024
@KevinHuSh
Collaborator

Thanks a lot for reminding.

@Lyutoon
Contributor Author

Lyutoon commented Aug 8, 2024

The fix can be quite easy, just change the eval to ast.literal_eval. I can submit a pr to fix it.
So, how can I get a CVE based on this report?
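The eval-to-literal_eval change described above, shown as an added example that is not code from the issue or from the RAGflow project. The original `eval` path is kept beside the hardened parser so the difference is visible: `ast.literal_eval` only ever builds Python literals (dicts, lists, strings, numbers) and raises for anything else, so no expression is executed. The example also validates the shape the VolcEngine branch expects (a single string-to-string entry) and builds `api_key` with `json.dumps` instead of an f-string, an added hardening that is an assumption of this example; the sample inputs are constructed, not taken from the issue.

```python
import ast
import json

# Constructed sample inputs (not from the issue): a well-formed VolcEngine
# llm_name, and a non-literal expression that literal_eval must reject.
# Any call expression stands in for injected code here.
GOOD_NAME = '{"my-doubao-model": "ep-20240101-abcdef"}'
BAD_NAME = "len('abc')"


def parse_llm_name_unsafe(raw):
    """Mirror of the original add_llm logic: eval() executes whatever
    expression the caller supplied. Kept only for comparison."""
    temp = list(eval(raw).items())[0]
    return temp[0], temp[1]


def parse_llm_name(raw):
    """Hardened replacement. ast.literal_eval accepts Python literals only
    and raises ValueError/SyntaxError for calls, attribute access, names
    and operators, so no code runs. The result's shape is then validated
    before it is used."""
    try:
        value = ast.literal_eval(raw)
    except (ValueError, SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError(f"llm_name is not a literal: {exc}") from None
    if not isinstance(value, dict) or len(value) != 1:
        raise ValueError("llm_name must be a dict with exactly one entry")
    (llm_name, endpoint_id), = value.items()
    if not isinstance(llm_name, str) or not isinstance(endpoint_id, str):
        raise ValueError("model name and endpoint id must both be strings")
    return llm_name, endpoint_id


def build_api_key(volc_ak, volc_sk, endpoint_id):
    """Serialise the VolcEngine credentials with json.dumps rather than an
    f-string (assumed hardening, not the project's code), so quote
    characters in the values cannot break the JSON structure."""
    return json.dumps({"volc_ak": volc_ak, "volc_sk": volc_sk, "ep_id": endpoint_id})


def try_parse(raw):
    """Convenience wrapper: (True, (llm_name, endpoint_id)) on success,
    (False, error message) when the input is rejected."""
    try:
        return True, parse_llm_name(raw)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    print(try_parse(GOOD_NAME))   # accepted: a plain dict literal
    print(try_parse(BAD_NAME))    # rejected: literal_eval refuses the call
    print(build_api_key("ak", "sk", "ep-1"))
```

Two things worth noting for anyone porting this into a request handler: `literal_eval` is safe against code execution but can still raise on pathological input (very deep nesting, for example), which is why the broad `except` maps everything to a clean `ValueError` for the HTTP layer; and the shape check matters because a literal such as `[]` or `{"a": 1}` would otherwise reach the `.items()` / f-string code and fail with an unrelated traceback.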

KevinHuSh pushed a commit that referenced this issue Aug 8, 2024
### What problem does this PR solve?

fix code injection in #1860,
developers can have a check to see if the fix works as expected.

### Type of change

Vulnerability Fix
Halfknow pushed a commit to Halfknow/ragflow that referenced this issue Nov 11, 2024
### What problem does this PR solve?

fix code injection in infiniflow#1860,
developers can have a check to see if the fix works as expected.

### Type of change

Vulnerability Fix