fix(security): remove dangerous exec() in legacy function calling path#585
Open
ketan0095 wants to merge 1 commit into bolna-ai:master from
The legacy string-template code path used compile() + exec() to run the formatted param string as Python code before using it as JSON. This is a security risk if the template or kwargs contain untrusted input (e.g. from LLM output). The exec call was also unnecessary — the string substitution on the next line (param % json_kwargs) already produces the correct request_body without executing anything. The new $var marker system is already the recommended safe path. This change just removes the exec from the legacy fallback. Fixes bolna-ai#407
Summary

- Removed the compile() + exec() calls from the legacy string-template code path in function_calling_helpers.py
- The exec was unnecessary — param % json_kwargs on the following line already produces the correct request_body
- The exec posed a security risk if the template string or kwargs contained untrusted input (e.g., from LLM output)

What changed

Before (lines 90-92):

After:

The new $var marker substitution system (already in the same function) is the recommended safe path. This just cleans up the legacy fallback.

Test plan

- %(field)s style param templates still produce correct API payloads

Fixes #407
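To make the claim in the description concrete, here is an added example, written for this review and not taken from the bolna-ai code base, of the legacy %(field)s template path done with plain string substitution and no exec(). The function name build_request_body, the sample template and the sample values are assumptions; the PR itself only states that param % json_kwargs already yields the request body.

```python
import json


def build_request_body(param_template: str, **kwargs) -> dict:
    """Fill a %(field)s template with JSON-encoded values and parse the result.

    Added example, not the project's code. Each kwarg is json.dumps()-ed first
    so strings arrive quoted and escaped; the template is then filled with the
    % operator, which only substitutes text and never evaluates it. Only '%'
    sequences in the template are interpreted, never ones inside the values.
    """
    json_kwargs = {key: json.dumps(value) for key, value in kwargs.items()}
    request_body = param_template % json_kwargs  # pure text substitution
    return json.loads(request_body)


# Constructed template of the kind a legacy tool definition might carry
# (assumed shape, not from the repository).
LEGACY_PARAM = '{"customer": %(name)s, "slot": %(slot)s, "notes": %(notes)s}'


def demo() -> dict:
    # Constructed values standing in for LLM output; code-looking text and a
    # stray '%' stay ordinary string data in the resulting payload.
    return build_request_body(
        LEGACY_PARAM,
        name="Ada",
        slot=3,
        notes='print("hi"); 100% {"injected": true}',
    )


def missing_field_is_rejected() -> bool:
    # A template referencing a field the caller did not supply fails loudly
    # with KeyError rather than producing a half-filled body.
    try:
        build_request_body(LEGACY_PARAM, name="Ada", slot=3)
    except KeyError:
        return True
    return False


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
    print("missing field rejected:", missing_field_is_rejected())
```

The json.dumps() step is what makes the substitution safe to parse afterwards: quotes and backslashes inside a value are escaped, so a value cannot close the JSON string it lands in, and because nothing is compiled or executed, a value that happens to look like Python is carried through as text.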