langgenius / dify-sandbox

A lightweight, fast, and secure code execution environment that supports multiple programming languages
https://docs.dify.ai/development/backend/sandbox
Apache License 2.0
412 stars 93 forks source link

refactor: Fix sandbox escape by disabling the preload parameter. #96

Closed hexian2001 closed 1 week ago

hexian2001 commented 2 weeks ago

What i modified:

  1. modified: conf/config.yaml

    • Added enable_preload configuration with a default value of False for security purposes.
  2. modified: internal/types/config.go

    • Updated the configuration structure to include the EnablePreload parameter.
  3. modified: internal/service/nodejs.go

    • Added logic to retrieve the EnablePreload setting from the configuration. If EnablePreload is disabled, the preload field is set to an empty string.
  4. modified: internal/service/python.go

    • Added logic to retrieve the EnablePreload setting from the configuration. If EnablePreload is disabled, the preload field is set to an empty string.

Summarize:

  1. After making the modifications and running compilation tests, the command injection attack has been successfully prevented.
  2. After discussing with the project maintainer, it was concluded that this parameter is theoretically deprecated. Therefore, it is disabled by default and will not be updated through environment variables. Currently, disabling the preload parameter does not negatively impact other functionalities.
Yeuoly commented 1 week ago

pls rebase to main branch as you could get passed by CI tests.