
[Codex] fix: harden AST sandboxing in logic executor to prevent sandbox escapes #528

Open
Micsi wants to merge 1 commit into abeggled:main from Micsi:codex/propose-fix-for-logic-execution-vulnerability


@Micsi Micsi commented May 20, 2026

Source PR

Motivation

  • The logic engine allowed user-supplied formula and script strings to reach eval/exec, which enabled attribute-traversal sandbox escapes and authenticated RCE.
  • The goal is to minimally harden the executor so formulas and scripts cannot use dangerous AST constructs or object-graph traversal while preserving intended math/script features.

Description

  • Added GraphExecutor._validate_formula_ast which allows only a constrained set of expression AST node types and blocks attribute access except safe math.<name> lookups.
  • Added GraphExecutor._validate_script_ast which blocks dangerous script constructs (imports, defs, class/async/lambda/with/try/global/nonlocal/raise/delete/yield/await) and disallows attribute traversal except safe math.<name> access.
  • Integrated these validators into _safe_eval (validate parsed formula AST before eval) and _run_script (validate parsed script AST and compile before exec).
  • Updated unit test tests/unit/test_executor.py to assert attribute traversal is blocked instead of documenting the previous unsafe behavior.

Testing

  • Ran pytest -q tests/unit/test_executor.py and the test file passed with all tests green (192 passed, 1 warning).
  • The change is minimal, focused on AST validation in obs/logic/executor.py and the associated unit test update in tests/unit/test_executor.py.

Codex Task

@Micsi Micsi added the Security Security-related changes label May 20, 2026

Micsi commented May 20, 2026

Additional update from the security review (TDD-based):

  • Formula sandbox updated so that math.<name> is actually reachable in formulas (e.g. math.sqrt(x)), without loosening the block on object-graph traversal.
  • Dunder accesses remain blocked (math.__dict__ in formula and script).
  • Added an additional negative test for disallowed formula syntax (lambda).
  • Tests extended and green: pytest -q tests/unit/test_executor.py -> 196 passed.
  • Lint green on the changed files: ruff check obs/logic/executor.py tests/unit/test_executor.py.
  • Coverage in the affected module improved to 70% (obs/logic/executor.py), diff coverage for changed executor lines: 32/32.

@Micsi Micsi force-pushed the codex/propose-fix-for-logic-execution-vulnerability branch from a093901 to 02baecd Compare May 20, 2026 11:28
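
An added illustration of the formula-side allowlist described in this PR (constrained expression nodes, attribute access limited to math.<name>, dunder access and lambda rejected); it is not the code from obs/logic/executor.py. The names `validate_formula` and `safe_eval`, the exact node allowlist and the numeric-only constant rule are assumptions, since the PR text does not list them.

```python
import ast
import math

# Assumed allowlist: the PR does not enumerate the node types it permits.
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.Compare, ast.BoolOp, ast.IfExp,
    ast.Call, ast.Name, ast.Load, ast.Constant, ast.Attribute,
    ast.operator, ast.unaryop, ast.cmpop, ast.boolop,
)
SAFE_MATH = {n for n in dir(math) if not n.startswith("_")}


def validate_formula(source: str, variables: set[str]) -> ast.Expression:
    """Parse a formula; raise ValueError for anything outside the allowlist."""
    tree = ast.parse(source, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            # Lambda, Subscript, comprehensions, Starred, keyword, ... land here.
            raise ValueError(f"disallowed syntax: {type(node).__name__}")
        if isinstance(node, ast.Attribute):
            # Only math.<public name>: rejects x.__class__, math.__dict__
            # and chained access such as math.sqrt.__self__.
            base = node.value
            if not (isinstance(base, ast.Name) and base.id == "math"
                    and node.attr in SAFE_MATH):
                raise ValueError(f"disallowed attribute: .{node.attr}")
        elif isinstance(node, ast.Name):
            if node.id != "math" and node.id not in variables:
                raise ValueError(f"unknown name: {node.id}")
        elif isinstance(node, ast.Call):
            # Calls must target math.<name>; no bare names, no call results.
            if not isinstance(node.func, ast.Attribute) or node.keywords:
                raise ValueError("only math.<name>(...) calls are allowed")
        elif isinstance(node, ast.Constant):
            if not isinstance(node.value, (int, float)):  # assumed: numbers only
                raise ValueError("only numeric constants are allowed")
    return tree


def safe_eval(source: str, variables: dict[str, float]) -> float:
    """Validate first, then evaluate with no builtins in scope."""
    tree = validate_formula(source, set(variables))
    code = compile(tree, "<formula>", "eval")
    # Empty __builtins__ is defence in depth; the AST check is the real gate.
    # "math" is set last so a variable cannot shadow the module.
    return eval(code, {"__builtins__": {}, **variables, "math": math})
```

Input that is not an expression at all (for example an import statement) fails earlier, in `ast.parse`, with `SyntaxError`.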