Skip to content
This repository was archived by the owner on Jun 16, 2026. It is now read-only.
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .jules/sentinel.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,7 @@
**Vulnerability:** Found an unused `_attempt_import` function in `src/codeweaver/server/mcp/server.py` that dynamically imports a module directly from unvalidated configuration (`import_module(mw.rsplit(".", 1)[0])`), leading to potential arbitrary code execution.
**Learning:** Functions that perform dynamic imports should not be left around in the codebase if they are unused, especially if they are designed to take unvalidated strings as input.
**Prevention:** Avoid dynamic imports based on configuration or inputs without strict whitelisting. Use tools like `semgrep` with python security rules to actively catch these patterns.
## 2026-04-22 - Unrestricted AST Call nodes in _safe_eval_type
**Vulnerability:** Found `ast.Call` included in the allowed nodes list of `_safe_eval_type` in `src/codeweaver/core/di/container.py` without validation, which introduces a critical Arbitrary Code Execution (ACE) vulnerability as it permits execution of any callable in the module's global namespace via `eval()`.
**Learning:** Permitting generic `ast.Call` nodes when parsing untrusted or complex type strings dynamically evaluated via `eval()` can lead to ACE if the type string references available functions in the global scope.
**Prevention:** Always restrict `ast.Call` nodes to a strict whitelist of explicitly required, known-safe functions (e.g., `Depends`, `Field`) when utilizing AST validation prior to dynamic evaluation.
16 changes: 15 additions & 1 deletion src/codeweaver/core/di/container.py
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ def __init__(self) -> None:
self._request_cache: dict[Any, Any] = {} # Keys can be types or callables
self._providers_loaded: bool = False # Track if auto-discovery has run

def _safe_eval_type(self, type_str: str, globalns: dict[str, Any]) -> Any | None:
def _safe_eval_type(self, type_str: str, globalns: dict[str, Any]) -> Any | None: # noqa: C901
"""Safely evaluate a type string using AST validation.

Parses the type string into an AST, validates that it contains only safe
Expand Down Expand Up @@ -136,6 +136,20 @@ def generic_visit(self, node: ast.AST) -> None:
if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
raise TypeError(f"Forbidden dunder attribute: {node.attr}")

# Security Enhancement: Prevent Arbitrary Code Execution (ACE)
# Allowing generic ast.Call nodes could permit execution of any callable in the global namespace.
# Restrict to known safe functions used in type annotations.
if isinstance(node, ast.Call):
func_name = None
if isinstance(node.func, ast.Name):
func_name = node.func.id
elif isinstance(node.func, ast.Attribute):
func_name = node.func.attr

allowed_calls = {"Depends", "depends", "Field", "PrivateAttr", "Tag", "Parameter"}
if func_name not in allowed_calls:
raise TypeError(f"Forbidden function call in type string: {func_name}")

super().generic_visit(node)

try:
Expand Down
Loading