mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-05-07 10:12:38 +00:00
LanceDBStorage interpolated caller-supplied scope paths and record IDs directly into the WHERE clauses passed to LanceDB's where(), which accepts a raw DataFusion SQL expression and does not support parameterized queries. A malicious or unprivileged caller could escape the configured scope sandbox -- for example, calling delete(scope_prefix="/alpha' OR scope LIKE '/%") would wipe every record in the table instead of just the /alpha subtree -- and ordinary strings containing apostrophes (e.g. 'O''Brien') could crash the SQL parser.

Add _escape_sql_str() and _escape_like() helpers and route every user-controlled value through them in search(), delete(), reset(), and the shared _scan_rows() reader. The LIKE clauses now also use ESCAPE '\\' so % and _ in caller-supplied prefixes are treated as literals instead of wildcards.

Adds tests/memory/test_lancedb_storage_security.py covering each sink (search, delete by scope, delete by id, reset, scan-based readers) with both injection payloads and legitimate apostrophe-containing scopes/IDs.
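The escaping approach described in the commit message above, shown as an added example that is not the project's code: the raw-interpolated filter next to an escaped one, run over constructed rows. The helper names, the `memories` table and the use of SQLite as a stand-in for LanceDB's DataFusion expression engine are assumptions of this sketch; it relies only on quote doubling and `LIKE ... ESCAPE`, which both engines accept.

```python
import sqlite3

# Constructed sample rows (id, scope); not data from the project.
ROWS = [("1", "/alpha/a"), ("2", "/alpha/O'Brien"), ("3", "/beta/b"),
        ("4", "/a_b/x"), ("5", "/axb/y")]


def escape_sql_str(value: str) -> str:
    """Double single quotes so the value cannot close its string literal."""
    return value.replace("'", "''")


def escape_like(value: str) -> str:
    """Make backslash, % and _ literal under ESCAPE, then escape quotes."""
    for ch in ("\\", "%", "_"):  # backslash first, or it re-escapes the others
        value = value.replace(ch, "\\" + ch)
    return escape_sql_str(value)


def unsafe_prefix_filter(prefix: str) -> str:
    """The 'before' pattern: raw interpolation into the filter expression."""
    return f"scope LIKE '{prefix}%'"


def safe_prefix_filter(prefix: str) -> str:
    """Escaped prefix; only the trailing % is a wildcard."""
    return f"scope LIKE '{escape_like(prefix)}%' ESCAPE '\\'"


def matching_scopes(where: str) -> list[str]:
    """Run the filter over ROWS in an in-memory SQLite table (stand-in engine)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE memories (id TEXT, scope TEXT)")
    con.executemany("INSERT INTO memories VALUES (?, ?)", ROWS)
    found = sorted(r[0] for r in con.execute(f"SELECT scope FROM memories WHERE {where}"))
    con.close()
    return found


if __name__ == "__main__":
    payload = "/alpha' OR scope LIKE '/%"  # the payload quoted in the commit message
    print("unsafe:", matching_scopes(unsafe_prefix_filter(payload)))
    print("safe:  ", matching_scopes(safe_prefix_filter(payload)))
    print("quote: ", matching_scopes(safe_prefix_filter("/alpha/O'Brien")))
    print("under: ", matching_scopes(safe_prefix_filter("/a_b")))
```

With the raw filter the payload selects every row; with the escaped filter it is compared as one literal prefix and selects none, while a legitimate prefix such as `/alpha/O'Brien` still matches its own row.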