35 changes: 30 additions & 5 deletions workflow/packages/engine/src/lib/core/code/code-sandbox.ts
@@ -1,7 +1,7 @@
import { assertNotNullOrUndefined, ExecutionMode } from 'workflow-shared'
import { CodeSandbox } from '../../core/code/code-sandbox-common'

const EXECUTION_MODE = (process.env.AP_EXECUTION_MODE as ExecutionMode)
const EXECUTION_MODE = (process.env.AP_EXECUTION_MODE as ExecutionMode) || ExecutionMode.SANDBOX_CODE_ONLY

const loadNoOpCodeSandbox = async (): Promise<CodeSandbox> => {
const noOpCodeSandboxModule = await import('./no-op-code-sandbox')
Expand All @@ -14,13 +14,37 @@ const loadV8IsolateSandbox = async (): Promise<CodeSandbox> => {
}

const loadCodeSandbox = async (): Promise<CodeSandbox> => {
const loaders = {
[ExecutionMode.UNSANDBOXED]: loadNoOpCodeSandbox,
[ExecutionMode.SANDBOXED]: loadNoOpCodeSandbox,
// SECURITY: Force safe sandbox in production
if (process.env.NODE_ENV === 'production') {
console.warn('[CodeSandbox] Production environment detected. Forcing SANDBOX_CODE_ONLY mode.')
return loadV8IsolateSandbox()
}

// SECURITY: Only allow unsafe modes in development with explicit flag
const allowUnsafe = process.env.ALLOW_UNSANDBOXED === 'true'
if (!allowUnsafe && (EXECUTION_MODE === ExecutionMode.UNSANDBOXED || EXECUTION_MODE === ExecutionMode.SANDBOXED)) {
console.warn(
`[CodeSandbox] Unsafe execution mode (${EXECUTION_MODE}) detected but ALLOW_UNSANDBOXED is not set. ` +
`Defaulting to SANDBOX_CODE_ONLY for security.`
)
return loadV8IsolateSandbox()
}

if (allowUnsafe) {
console.warn(
`[CodeSandbox] ⚠️ WARNING: Running in ${EXECUTION_MODE} mode with ALLOW_UNSANDBOXED=true. ` +
`This is UNSAFE and should only be used in development!`
)
}

const loaders: Record<ExecutionMode, () => Promise<CodeSandbox>> = {
[ExecutionMode.UNSANDBOXED]: allowUnsafe ? loadNoOpCodeSandbox : loadV8IsolateSandbox,
[ExecutionMode.SANDBOXED]: allowUnsafe ? loadNoOpCodeSandbox : loadV8IsolateSandbox,
[ExecutionMode.SANDBOX_CODE_ONLY]: loadV8IsolateSandbox,
}

assertNotNullOrUndefined(EXECUTION_MODE, 'AP_EXECUTION_MODE')
const loader = loaders[EXECUTION_MODE]
const loader = loaders[EXECUTION_MODE] || loadV8IsolateSandbox
return loader()
}

Expand All @@ -33,3 +57,4 @@ export const initCodeSandbox = async (): Promise<CodeSandbox> => {

return instance
}
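Review bot: The `ALLOW_UNSANDBOXED` escape hatch in loadCodeSandbox (the `allowUnsafe` line in the second hunk) is only neutralised when `NODE_ENV === 'production'`, so a deployment where NODE_ENV is unset or misspelled but `ALLOW_UNSANDBOXED=true` is present still loads the no-op sandbox, even though the comment above it says unsafe modes are meant for development only. Gating on the positive signal fails closed in that case: `const allowUnsafe = process.env.NODE_ENV === 'development' && process.env.ALLOW_UNSANDBOXED === 'true'` (extend the accepted values if a test environment legitimately needs the no-op sandbox). Relatedly, the `loaders[EXECUTION_MODE] || loadV8IsolateSandbox` fallback is the one path that silently substitutes a sandbox: an unrecognised `AP_EXECUTION_MODE` value (the `as ExecutionMode` cast on the default line does not validate it) deserves the same `console.warn` the other fallbacks emit, so operators can tell a typo from an intended choice. The ternaries in the `UNSANDBOXED`/`SANDBOXED` loader entries can only be reached with `allowUnsafe === true` because the earlier guard returns otherwise, so they read as defense in depth rather than a live branch; a one-line comment saying so would stop the next reader from "simplifying" the guard away. I am inferring added versus removed lines from the hunk counts since the rendered page lost the +/- markers; the `assertNotNullOrUndefined(EXECUTION_MODE, ...)` line, if it survives, is now dead given the `|| ExecutionMode.SANDBOX_CODE_ONLY` default in the first hunk.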