Open hisnkuanli opened 9 months ago
This is somewhat under dispute. pickle in Python itself would have the same behavior. The use case in the SDK is that it's used to serialize objects in ConversationState to storage (Blobs or CosmosDB). We could clear the alert by implementing our own serialization, but the behavior would be exactly the same.
Switching to a version later than 1.4.2 does not change the alert for us. I really didn't expect it to.
Given:
"Both jsonpickle and pickle are documented as being able to execute arbitrary code when loading pickles, and intended for use only with trusted data. This is expected behaviour, as clearly indicated in the jsonpickle README and at https://docs.python.org/3/library/pickle.html"
And that this is only being used when storing/retrieving data for ConversationState and UserState (a trusted source), it is not of high risk.
We can continue to look for an alternative solution, but in the end it will still perform the same type of actions.
Switching to a version later than 1.4.2 does not change the alert for us. I really didn't expect it to.
Does botbuilder work with v2 and v3? If so, can we update the dependency, as this would help to prevent package resolution issues for projects using botbuilder?
The alert isn't accurate in that regard. The issue isn't the version, it's what it is doing. Which is pickle/unpickle.
This is used for serializing state storage to whatever storage is configured. It is assumed this is trusted and secure.
Version
4.14.8
Describe the bug
There is a security vulnerability detected via Component Governance in DevOps. The severity is marked as Critical.
The details about this vulnerability:
In this SDK, the jsonpickle package is limited (>=1.2,<1.5). Is it possible to use the latest version to avoid this security vulnerability? Use version ranges 3rd party deps by cognifloyd · Pull Request #1468 · microsoft/botbuilder-python (github.com)
It is a blocking issue for our production service. Please help resolve it ASAP. Thanks.
To Reproduce
Use echo bot as an example, trigger a build in Azure DevOps, and enable Component Governance
Expected behavior
Pass Component Governance
Additional context
https://github.com/advisories/GHSA-j66q-qmrc-89rx
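The thread's point that the risk lies in unpickling itself, and that the store is assumed to be trusted, can be made explicit in code. The following is an added example, not code from the thread or from the botbuilder SDK: it uses the standard-library pickle (which the thread says behaves the same way) rather than jsonpickle, and the function names, the allow-list, and the key handling are assumptions for illustration.

```python
import datetime
import hashlib
import hmac
import io
import os
import pickle

# Hypothetical allow-list of (module, name) globals a state blob may reference.
ALLOWED_GLOBALS = {("datetime", "datetime"), ("collections", "OrderedDict")}
TAG_LEN = hashlib.sha256().digest_size


class AllowListUnpickler(pickle.Unpickler):
    """Refuse any global that is not explicitly allow-listed."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def dump_state(state, key):
    """Serialize state and prepend an HMAC-SHA256 tag over the payload."""
    payload = pickle.dumps(state, protocol=4)
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def load_state(blob, key):
    """Verify the tag first, then unpickle with the allow-list."""
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("state blob failed integrity check")
    return AllowListUnpickler(io.BytesIO(payload)).load()


class CallsOnLoad:
    """Constructed sample: unpickling this invokes a callable (benign os.getcwd)."""

    def __reduce__(self):
        return (os.getcwd, ())
```

The integrity tag enforces the "trusted source" assumption for data read back from storage, and the allow-list limits what a load can do even when the blob carries a valid tag.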