Security issue: plugin-0g allows to upload any file #1753
cc @lalalune
I start working on this.
AIFlowML
added a commit
to AIFlowML/eliza_aiflow
that referenced
this issue
Jan 4, 2025
… - Add FileSecurityValidator, file type restrictions, size limits, path traversal prevention, enhanced logging and security documentation (elizaOS#1753)
7 tasks
Pushed already a fix for this with the PR #1806
odilitime
added a commit
that referenced
this issue
Jan 12, 2025
… - Add FileSecurityValidator, file type restrictions, size limits, path traversal prevention, enhanced logging and security documentation (#1753) (#1806) Co-authored-by: Odilitime <[email protected]>
odilitime
added a commit
that referenced
this issue
Jan 12, 2025
* chore: lint and fix pass on develop (#2180) * typo fix: close object * update lockfile * lint fixes * processAtions can't be awaited in non-async function * revert GoPlusType so it can work with switch statement * lint fixes * processAtions can't be awaited in non-async function * revert GoPlusType so it can work with switch statement * bump lock * merge, fix conflicts * convert imageDescriptionsArray from let to const per lint * remove duplicate TOGETHER in case, lint/unused var * bump eslint so it doesn't crash * comment out unused AkashMessage interface * clean up unused var in catch * bump * Add Persian README File * fix path * fix quai deps * fix json format typo * Update types.ts * fix postgres adapter migration extension creation which already exists at this point (#2188) * fix(client-twitter): clean up mention deduplication (#2185) Co-authored-by: Odilitime <[email protected]> * feat(security): Implement comprehensive file upload security measures - Add FileSecurityValidator, file type restrictions, size limits, path traversal prevention, enhanced logging and security documentation (#1753) (#1806) Co-authored-by: Odilitime <[email protected]> * bump version --------- Co-authored-by: Ali <[email protected]> Co-authored-by: Masterdai <[email protected]> Co-authored-by: koloxarto <[email protected]> Co-authored-by: Nuri Hodges <[email protected]> Co-authored-by: AIFlow_ML <[email protected]>
mgunnin
added a commit
to mgunnin/eliza-agent
that referenced
this issue
Jan 12, 2025
* main: (704 commits) bump version (elizaOS#2193) feat(security): Implement comprehensive file upload security measures - Add FileSecurityValidator, file type restrictions, size limits, path traversal prevention, enhanced logging and security documentation (elizaOS#1753) (elizaOS#1806) fix(client-twitter): clean up mention deduplication (elizaOS#2185) fix postgres adapter migration extension creation which already exists at this point (elizaOS#2188) Update types.ts fix json format typo fix quai deps fix path Add Persian README File chore: lint and fix pass on develop (elizaOS#2180) bump version to 0,1,8 bump clean up unused var in catch comment out unused AkashMessage interface bump eslint so it doesn't crash remove duplicate TOGETHER in case, lint/unused var convert imageDescriptionsArray from let to const per lint fix: Koloxarto/fix ragknowledge for postgres (elizaOS#2153) fix: fix the chat stuck in infinite loop (elizaOS#1755) fix: remove problematic redundant uuid conversion and add api input param validations to api server (elizaOS#2051) ...
Describe the bug
Looking at 0g plugin, it seems it will allow anyone interacting with the agent to upload any file from the filesystem
https://github.com/elizaOS/eliza/blob/main/packages/plugin-0g/src/actions/upload.ts#L111
This is potentially very dangerous because the attacker could upload .env file, ssh keys or other secrets
To Reproduce
I have not tried to reproduce this, but it seems pretty obvious that an agent with 0g plugin enabled would not have an issue with uploading any filepath parsed by the template
Expected behavior
No private files are uploaded ever.
This could involve multiple approaches and risks should be highlighted to agent operator.
The template should check for potential security issues (assuming LLMs would generally understand where private files are stored)
More secure option would be to limit the `filePath` to some safe subdir, make it configurable in .env and then prefix or match the `filePath` with the prefix
Screenshots
Additional context
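The mitigation proposed above (confine `filePath` to a configurable safe directory), as an added TypeScript example that is not part of the original issue or the project's code. The setting name `ZEROG_UPLOAD_DIR` and the functions `resolveUploadPath` and `demo` are hypothetical, and the sample files are constructed.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Hypothetical setting name: the operator sets it (e.g. in .env) to the
// only directory the agent may upload from.
const UPLOAD_DIR_ENV = "ZEROG_UPLOAD_DIR";

// Returns the canonical path if `requested` is a regular file inside `allowedDir`;
// throws otherwise. `requested` is the untrusted filePath parsed by the template.
function resolveUploadPath(requested: string, allowedDir: string): string {
  const base = fs.realpathSync(allowedDir);
  // Relative input is anchored at the base; absolute input stays absolute.
  const candidate = path.resolve(base, requested);
  // realpathSync follows symlinks, so a link inside the base that points
  // at a secret is checked against its true location, not its name.
  const real = fs.realpathSync(candidate);
  const rel = path.relative(base, real);
  const escapes = rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  if (rel === "" || escapes) {
    throw new Error(`refusing upload outside ${UPLOAD_DIR_ENV}: ${requested}`);
  }
  if (!fs.statSync(real).isFile()) throw new Error("not a regular file");
  return real;
}

// Constructed sample tree: one permitted file, one secret outside the
// allowed directory, and a symlink inside it that points at the secret.
function demo(): Record<string, boolean> {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "upload-demo-"));
  const allowed = path.join(root, "uploads");
  fs.mkdirSync(allowed);
  fs.writeFileSync(path.join(allowed, "report.txt"), "ok");
  fs.writeFileSync(path.join(root, ".env"), "SECRET=constructed");
  fs.symlinkSync(path.join(root, ".env"), path.join(allowed, "link.txt"));
  const tries: [string, string][] = [
    ["inside", "report.txt"],
    ["traversal", "../.env"],
    ["absolute", path.join(root, ".env")],
    ["symlink", "link.txt"],
  ];
  const out: Record<string, boolean> = {};
  for (const [label, input] of tries) {
    try { resolveUploadPath(input, allowed); out[label] = true; } catch { out[label] = false; }
  }
  fs.rmSync(root, { recursive: true, force: true });
  return out;
}

console.log(demo());
```

The caller should read from the returned canonical path rather than the original string, so the file that was checked is the file that is uploaded.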