diff --git a/apps/common/utils/tool_code.py b/apps/common/utils/tool_code.py index 9c88603b3..02da9c1b8 100644 --- a/apps/common/utils/tool_code.py +++ b/apps/common/utils/tool_code.py @@ -26,6 +26,7 @@ class ToolExecutor: self._createdir() if self.sandbox: os.system(f"chown -R {self.user}:root {self.sandbox_path}") + self.banned_keywords = CONFIG.get("SANDBOX_PYTHON_BANNED_KEYWORDS", 'nothing_is_banned').split(','); def _createdir(self): old_mask = os.umask(0o077) @@ -37,6 +38,7 @@ class ToolExecutor: os.umask(old_mask) def exec_code(self, code_str, keywords): + self.validateBannedKeywords(code_str) _id = str(uuid.uuid7()) success = '{"code":200,"msg":"成功","data":exec_result}' err = '{"code":500,"msg":str(e),"data":None}' @@ -94,6 +96,11 @@ except Exception as e: os.remove(exec_python_file) return subprocess_result + def validateBannedKeywords(self, code_str): + matched = next((bad for bad in self.banned_keywords if bad in code_str), None) + if matched: + raise Exception(f"keyword '{matched}' is banned in the tool.") + @staticmethod def _exec(_code): return subprocess.run([python_directory, '-c', _code], text=True, capture_output=True) diff --git a/installer/Dockerfile-base b/installer/Dockerfile-base index 396ba682a..762dfdbc2 100644 --- a/installer/Dockerfile-base +++ b/installer/Dockerfile-base @@ -39,7 +39,8 @@ ENV PGDATA=/opt/maxkb/data/postgresql/pgdata \ REDIS_PASSWORD=Password123@redis \ LANG=en_US.UTF-8 \ MAXKB_LOG_LEVEL=INFO \ - MAXKB_SANDBOX_PYTHON_PACKAGE_PATHS=/opt/py3/lib/python3.11/site-packages,/opt/maxkb-app/sandbox/python-packages,/opt/maxkb/python-packages \ + MAXKB_SANDBOX_PYTHON_PACKAGE_PATHS="/opt/py3/lib/python3.11/site-packages,/opt/maxkb-app/sandbox/python-packages,/opt/maxkb/python-packages" \ + MAXKB_SANDBOX_PYTHON_BANNED_KEYWORDS="subprocess.,system(,exec(,pty.,eval(,compile(,shutil.,input(" \ MAXKB_ADMIN_PATH=/admin EXPOSE 6379 \ No newline at end of file