Skip to content

fix(security): block native FFI imports in generated code#14040

Merged
erichare merged 5 commits into
release-1.10.3from
fix/le-1786-code-security-native-ffi
Jul 14, 2026
Merged

fix(security): block native FFI imports in generated code#14040
erichare merged 5 commits into
release-1.10.3from
fix/le-1786-code-security-native-ffi

Conversation

@erichare

@erichare erichare commented Jul 13, 2026

Copy link
Copy Markdown
Collaborator

Summary

Testing

  • 107 scanner tests passed
  • 5 flow security-gate tests passed
  • Ruff, formatting, and pre-commit passed

Merge order

Merge #14041 first, then this PR, then #14032.

Summary by CodeRabbit

  • Security Enhancements

    • Expanded code scanning to block additional native FFI modules.
    • Improved detection of unsafe operations hidden behind aliases, assignments, chained references, and conditional logic.
    • Prevented unsafe flows from being executed when prohibited imports are detected.
  • Bug Fixes

    • Reduced false positives by correctly handling safe modules, variable rebinding, and scope boundaries.

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 5b9eb5e0-c102-472f-b285-0076c0325e06

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review

Walkthrough

The AST security scanner now blocks native FFI imports, tracks aliases through assignments and branches, resolves dangerous accesses across multiple candidates, and isolates scope state. Tests cover these cases and verify unsafe flows stop before graph construction.

Changes

Security scanner protections

Layer / File(s) Summary
FFI blocklist and alias-state tracking
src/backend/base/langflow/agentic/helpers/code_security.py
Adds native FFI modules to the forbidden-import list and updates alias binding, shadowing, assignment handling, branch merging, and scope isolation.
Resolved dangerous access detection
src/backend/base/langflow/agentic/helpers/code_security.py
Checks resolved module candidates for forbidden attributes, calls, and exact dotted submodule accesses.
Scanner and flow security-gate tests
src/backend/tests/unit/agentic/helpers/test_code_security.py, src/backend/tests/unit/agentic/services/test_flow_run.py
Tests FFI detection, assignment-alias scenarios, scope behavior, safe rebinding, and rejection before graph construction.

Estimated code review effort: 4 (Complex) | ~45 minutes

Possibly related PRs

Suggested labels: lgtm

Suggested reviewers: ogabrielluiz, cristhianzl

🚥 Pre-merge checks | ✅ 4 | ❌ 5

❌ Failed checks (1 warning, 4 inconclusive)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 31.25% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Test Coverage For New Implementations ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Test Quality And Coverage ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Test File Naming And Structure ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Excessive Mock Usage Warning ❓ Inconclusive Repository clone failed, so this custom check could not run with code access. Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly summarizes the main change: blocking native FFI imports in generated code.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/le-1786-code-security-native-ffi

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added the bug Something isn't working label Jul 13, 2026
@github-actions github-actions Bot removed the bug Something isn't working label Jul 13, 2026
@github-actions github-actions Bot added bug Something isn't working and removed bug Something isn't working labels Jul 13, 2026
@erichare erichare marked this pull request as ready for review July 13, 2026 19:47
@github-actions

Copy link
Copy Markdown
Contributor

✅ Test Coverage Advisor

No source changes detected without accompanying tests. Thanks for keeping coverage up! 🎉

Advisory check only — never blocks merge.

@erichare erichare requested a review from Adam-Aghili July 13, 2026 19:49
@github-actions github-actions Bot added bug Something isn't working and removed bug Something isn't working labels Jul 13, 2026
@github-actions github-actions Bot added bug Something isn't working and removed bug Something isn't working labels Jul 13, 2026
@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Frontend Unit Test Coverage Report

Coverage Summary

Lines Statements Branches Functions
Coverage: 43%
43.53% (58077/133393) 69.19% (7885/11395) 41.56% (1298/3123)

Unit Test Results

Tests Skipped Failures Errors Time
4979 0 💤 0 ❌ 0 🔥 14m 53s ⏱️

@codecov

codecov Bot commented Jul 13, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 86.60287% with 28 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (release-1.10.3@61d6490). Learn more about missing BASE report.

Files with missing lines Patch % Lines
...end/base/langflow/agentic/helpers/code_security.py 86.60% 28 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@                Coverage Diff                @@
##             release-1.10.3   #14040   +/-   ##
=================================================
  Coverage                  ?   58.73%           
=================================================
  Files                     ?     2310           
  Lines                     ?   221521           
  Branches                  ?    32535           
=================================================
  Hits                      ?   130106           
  Misses                    ?    89881           
  Partials                  ?     1534           
Flag Coverage Δ
backend 65.90% <86.60%> (?)
frontend 57.84% <ø> (?)
lfx 54.94% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
...end/base/langflow/agentic/helpers/code_security.py 91.29% <86.60%> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@Adam-Aghili Adam-Aghili left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM merge conflict

@github-actions github-actions Bot added bug Something isn't working and removed bug Something isn't working labels Jul 14, 2026
@erichare erichare merged commit 6cc04c9 into release-1.10.3 Jul 14, 2026
104 of 105 checks passed
@erichare erichare deleted the fix/le-1786-code-security-native-ffi branch July 14, 2026 18:13
erichare added a commit that referenced this pull request Jul 14, 2026
* fix(kb): enforce per-user path containment

* fix(security): protect Docling Serve outbound requests (#14033)

* fix(security): protect Docling Serve requests

* fix(docling): support Self on Python 3.10

* [autofix.ci] apply automated fixes

* [autofix.ci] apply automated fixes (attempt 2/3)

* fix(auth): verify current password on password changes (#14034)

* fix(security): harden MCP stdio configuration (#14036)

* fix(security): restrict MCP stdio package sources

* fix(security): block MCP Docker host access

* fix(security): validate embedded MCP stdio configs

* fix: require executable-only MCP commands

* test: use allowed MCP commands in timeout tests

* fix(security): harden component code module access (#14032)

* fix(security): harden component code module access

* fix(security): block native FFI imports in generated code

* fix: track module assignment aliases in code scanner

* fix(security): address alias review findings

* fix: correct deprecated model settings behavior (#14047)

* fix: prevent deprecated model enablement

* test: use supported model in credential cleanup

* fix(voice): enforce flow authorization on websocket (#14043)

* fix(security): block native FFI imports in generated code (#14040)

* fix(security): block native FFI imports in generated code

* fix: track module assignment aliases in code scanner

* chore: resolve code security conflicts

* fix(security): confine AssemblyAI audio file access (#14037)

* fix(security): confine AssemblyAI audio file access

* [autofix.ci] apply automated fixes

* test: stub optional AssemblyAI dependency

* fix(security): harden AssemblyAI file submission

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>

* fix: track assignment aliases in component code scanner (#14041)

fix: bind loop and comprehension aliases

---------

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants