mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-04-06 02:58:13 +00:00
6ee0cacd7c
This commit addresses a critical security vulnerability where the CodeInterpreterTool could be exploited via sandbox escape attacks when Docker was unavailable. Changes: - Remove insecure fallback to restricted sandbox in run_code_safety() - Now fails closed with RuntimeError when Docker is unavailable - Mark run_code_in_restricted_sandbox() as deprecated and insecure - Add clear security warnings to SandboxPython class documentation - Update tests to reflect secure-by-default behavior - Add test demonstrating the sandbox escape vulnerability - Update README with security requirements and best practices The previous implementation would fall back to a Python-based 'restricted sandbox' when Docker was unavailable. However, this sandbox could be easily bypassed using Python object introspection to recover the original __import__ function, allowing arbitrary module access and command execution on the host. The fix enforces Docker as a requirement for safe code execution. Users who cannot use Docker must explicitly enable unsafe_mode=True, acknowledging the security risks. Security Impact: - Prevents RCE via sandbox escape when Docker is unavailable - Enforces fail-closed security model - Maintains backward compatibility via unsafe_mode flag References: - https://docs.crewai.com/tools/ai-ml/codeinterpretertool Co-authored-by: Rip&Tear <theCyberTech@users.noreply.github.com>