fix(security): harden component code module access#14032
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (2)
WalkthroughThe AST security scanner now blocks native FFI imports, ChangesSecurity scanning hardening
Estimated code review effort: 4 (Complex) | ~45 minutes Sequence Diagram(s)sequenceDiagram
participant FlowRunner
participant SecurityChecker
participant AliasResolver
participant GraphBuilder
FlowRunner->>SecurityChecker: scan generated node code
SecurityChecker->>AliasResolver: resolve imports and aliases
AliasResolver-->>SecurityChecker: canonical module candidates
SecurityChecker-->>FlowRunner: unsafe violation or safe result
FlowRunner->>GraphBuilder: build graph only when safe
Possibly related PRs
Suggested labels: Suggested reviewers: 🚥 Pre-merge checks | ✅ 9✅ Passed checks (9 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
✅ Test Coverage AdvisorNo source changes detected without accompanying tests. Thanks for keeping coverage up! 🎉
|
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@src/backend/base/langflow/agentic/helpers/code_security.py`:
- Around line 528-533: Update the getattr-call validation in the visible AST
security-checking logic to resolve `node.func` through the existing alias
tracker, not only accept an `ast.Name` whose identifier is literally “getattr”.
Ensure aliases such as `reflect = getattr` are treated as getattr calls and
cannot bypass the security checks, and add a regression test covering
`reflect(os, "system")("id")`.
- Around line 366-376: Extend the alias visitor with visit_For, visit_AsyncFor,
and visit_While methods. Each method must snapshot the pre-loop alias state,
visit the loop condition/target and body from that state, then conservatively
merge the pre-loop state with the loop-body effects so zero-iteration execution
remains possible. Preserve appropriate handling of loop else branches without
allowing loop-only alias rewrites to bypass security checks.
- Around line 265-277: The fallback in _bind_assignment_target incorrectly
shadows fixed targets when unpacking a tuple/list with a starred target. Update
tuple/list handling to bind each fixed target to its corresponding RHS element,
while assigning the remaining RHS elements to the starred target as appropriate,
so `module, *rest = (os,)` preserves the alias for `module` and unresolved cases
still shadow only targets without a resolvable value.
- Around line 306-312: Update visit_Import so alias bindings retain the complete
dotted import target, recording alias.asname or the appropriate default binding
as alias.name rather than only its top-level module. Preserve the existing
dangerous-import checks and ensure imports without aliases continue to bind
correctly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 6eb80dfa-8571-404f-8ef6-fc96dbb9e92e
📒 Files selected for processing (3)
src/backend/base/langflow/agentic/helpers/code_security.pysrc/backend/tests/unit/agentic/helpers/test_code_security.pysrc/backend/tests/unit/agentic/services/test_flow_run.py
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## release-1.10.3 #14032 +/- ##
=================================================
Coverage ? 58.71%
=================================================
Files ? 2308
Lines ? 221269
Branches ? 32389
=================================================
Hits ? 129920
Misses ? 89863
Partials ? 1486
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
Adam-Aghili
left a comment
There was a problem hiding this comment.
Address code rabbits these 3 look real. otherwise LGTM
|
Technically dosen't solve the issue in |
|
@coderabbitai review |
✅ Action performedReview finished.
|
* fix(kb): enforce per-user path containment * fix(security): protect Docling Serve outbound requests (#14033) * fix(security): protect Docling Serve requests * fix(docling): support Self on Python 3.10 * [autofix.ci] apply automated fixes * [autofix.ci] apply automated fixes (attempt 2/3) * fix(auth): verify current password on password changes (#14034) * fix(security): harden MCP stdio configuration (#14036) * fix(security): restrict MCP stdio package sources * fix(security): block MCP Docker host access * fix(security): validate embedded MCP stdio configs * fix: require executable-only MCP commands * test: use allowed MCP commands in timeout tests * fix(security): harden component code module access (#14032) * fix(security): harden component code module access * fix(security): block native FFI imports in generated code * fix: track module assignment aliases in code scanner * fix(security): address alias review findings * fix: correct deprecated model settings behavior (#14047) * fix: prevent deprecated model enablement * test: use supported model in credential cleanup * fix(voice): enforce flow authorization on websocket (#14043) * fix(security): block native FFI imports in generated code (#14040) * fix(security): block native FFI imports in generated code * fix: track module assignment aliases in code scanner * chore: resolve code security conflicts * fix(security): confine AssemblyAI audio file access (#14037) * fix(security): confine AssemblyAI audio file access * [autofix.ci] apply automated fixes * test: stub optional AssemblyAI dependency * fix(security): harden AssemblyAI file submission --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> * fix: track assignment aliases in component code scanner (#14041) fix: bind loop and comprehension aliases --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Summary
getattruse and safe rebindingTesting
Merge order
Merge #14041, then #14040, then this PR.
Summary by CodeRabbit
getattrcases).