From 3a738590e71450170891d6874215e6aa8c865307 Mon Sep 17 00:00:00 2001
From: HRP <72968793+hexian2001@users.noreply.github.com>
Date: Wed, 16 Oct 2024 19:45:39 +0800
Subject: [PATCH] refactor: Fix sandbox escape by disabling the preload
 parameter. (#96)

* refactor: Fix sandbox escape by disabling the preload parameter.

* Update python.go

* Update nodejs.go

* Update config.go

* refactor: Fix sandbox escape by disabling the preload parameter.

* Update config.go

* update

* update
---
 conf/config.yaml           | 1 +
 internal/service/nodejs.go | 5 +++++
 internal/service/python.go | 4 ++++
 internal/static/config.go  | 5 +++++
 internal/types/config.go   | 3 ++-
 5 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/conf/config.yaml b/conf/config.yaml
index 8c1a1deb..1f53cdef 100644
--- a/conf/config.yaml
+++ b/conf/config.yaml
@@ -7,6 +7,7 @@ max_requests: 50
 worker_timeout: 5
 python_path: /usr/local/bin/python3
 enable_network: True # please make sure there is no network risk in your environment
+enable_preload: False # please keep it as False for security purposes
 allowed_syscalls: # please leave it empty if you have no idea how seccomp works
 proxy:
   socks5: ''
diff --git a/internal/service/nodejs.go b/internal/service/nodejs.go
index 75cc6542..f7229504 100644
--- a/internal/service/nodejs.go
+++ b/internal/service/nodejs.go
@@ -14,6 +14,11 @@ func RunNodeJsCode(code string, preload string, options *runner_types.RunnerOpti
 		return types.ErrorResponse(-400, err.Error())
 	}
 
+	
+	if !static.GetDifySandboxGlobalConfigurations().EnablePreload {
+	    preload = ""
+	}
+	
 	timeout := time.Duration(
 		static.GetDifySandboxGlobalConfigurations().WorkerTimeout * int(time.Second),
 	)
diff --git a/internal/service/python.go b/internal/service/python.go
index 3bd60021..f9036c83 100644
--- a/internal/service/python.go
+++ b/internal/service/python.go
@@ -19,6 +19,10 @@ func RunPython3Code(code string, preload string, options *runner_types.RunnerOpt
 		return types.ErrorResponse(-400, err.Error())
 	}
 
+	if !static.GetDifySandboxGlobalConfigurations().EnablePreload {
+	    preload = ""
+	}
+	
 	timeout := time.Duration(
 		static.GetDifySandboxGlobalConfigurations().WorkerTimeout * int(time.Second),
 	)
diff --git a/internal/static/config.go b/internal/static/config.go
index 0f3401fd..28c443d0 100644
--- a/internal/static/config.go
+++ b/internal/static/config.go
@@ -107,6 +107,11 @@ func InitConfig(path string) error {
 		difySandboxGlobalConfigurations.EnableNetwork, _ = strconv.ParseBool(enable_network)
 	}
 
+	enable_preload := os.Getenv("ENABLE_PRELOAD")
+	if enable_preload != "" {
+		difySandboxGlobalConfigurations.EnablePreload, _ = strconv.ParseBool(enable_preload)
+	}
+
 	allowed_syscalls := os.Getenv("ALLOWED_SYSCALLS")
 	if allowed_syscalls != "" {
 		strs := strings.Split(allowed_syscalls, ",")
diff --git a/internal/types/config.go b/internal/types/config.go
index a6854e2a..34ac33b8 100644
--- a/internal/types/config.go
+++ b/internal/types/config.go
@@ -15,10 +15,11 @@ type DifySandboxGlobalConfigurations struct {
 	PythonDepsUpdateInterval string   `yaml:"python_deps_update_interval"`
 	NodejsPath               string   `yaml:"nodejs_path"`
 	EnableNetwork            bool     `yaml:"enable_network"`
+	EnablePreload            bool     `yaml:"enable_preload"`
 	AllowedSyscalls          []int    `yaml:"allowed_syscalls"`
 	Proxy                    struct {
 		Socks5 string `yaml:"socks5"`
 		Https  string `yaml:"https"`
 		Http   string `yaml:"http"`
 	} `yaml:"proxy"`
-}
+}
\ No newline at end of file