refactor: Fix sandbox escape by disabling the preload parameter. (#96)

* refactor: Fix sandbox escape by disabling the preload parameter. * Update python.go * Update nodejs.go * Update config.go * refactor: Fix sandbox escape by disabling the preload parameter. * Update config.go * update * update
langgenius · Oct 16, 2024 · 3a73859 · 3a73859
1 parent 3e39e12
commit 3a73859
Show file tree

Hide file tree

Showing 5 changed files with 17 additions and 1 deletion.
diff --git a/conf/config.yaml b/conf/config.yaml
@@ -7,6 +7,7 @@ max_requests: 50
 worker_timeout: 5
 python_path: /usr/local/bin/python3
 enable_network: True # please make sure there is no network risk in your environment
+enable_preload: False # please keep it as False for security purposes
 allowed_syscalls: # please leave it empty if you have no idea how seccomp works
 proxy:
   socks5: ''

diff --git a/internal/service/nodejs.go b/internal/service/nodejs.go
@@ -14,6 +14,11 @@ func RunNodeJsCode(code string, preload string, options *runner_types.RunnerOpti
 		return types.ErrorResponse(-400, err.Error())
 	}
 
+
+	if !static.GetDifySandboxGlobalConfigurations().EnablePreload {
+	    preload = ""
+	}
+
 	timeout := time.Duration(
 		static.GetDifySandboxGlobalConfigurations().WorkerTimeout * int(time.Second),
 	)

diff --git a/internal/service/python.go b/internal/service/python.go
@@ -19,6 +19,10 @@ func RunPython3Code(code string, preload string, options *runner_types.RunnerOpt
 		return types.ErrorResponse(-400, err.Error())
 	}
 
+	if !static.GetDifySandboxGlobalConfigurations().EnablePreload {
+	    preload = ""
+	}
+
 	timeout := time.Duration(
 		static.GetDifySandboxGlobalConfigurations().WorkerTimeout * int(time.Second),
 	)

diff --git a/internal/static/config.go b/internal/static/config.go
@@ -107,6 +107,11 @@ func InitConfig(path string) error {
 		difySandboxGlobalConfigurations.EnableNetwork, _ = strconv.ParseBool(enable_network)
 	}
 
+	enable_preload := os.Getenv("ENABLE_PRELOAD")
+	if enable_preload != "" {
+		difySandboxGlobalConfigurations.EnablePreload, _ = strconv.ParseBool(enable_preload)
+	}
+
 	allowed_syscalls := os.Getenv("ALLOWED_SYSCALLS")
 	if allowed_syscalls != "" {
 		strs := strings.Split(allowed_syscalls, ",")

diff --git a/internal/types/config.go b/internal/types/config.go
@@ -15,10 +15,11 @@ type DifySandboxGlobalConfigurations struct {
 	PythonDepsUpdateInterval string   `yaml:"python_deps_update_interval"`
 	NodejsPath               string   `yaml:"nodejs_path"`
 	EnableNetwork            bool     `yaml:"enable_network"`
+	EnablePreload            bool     `yaml:"enable_preload"`
 	AllowedSyscalls          []int    `yaml:"allowed_syscalls"`
 	Proxy                    struct {
 		Socks5 string `yaml:"socks5"`
 		Https  string `yaml:"https"`
 		Http   string `yaml:"http"`
 	} `yaml:"proxy"`
-}
+}