mirror of
https://github.com/crewAIInc/crewAI.git
synced 2026-04-30 23:02:50 +00:00
fb2323b3de
Some checks failed
CodeQL Advanced / Analyze (actions) (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Mark stale issues and pull requests / stale (push) Has been cancelled
Build uv cache / build-cache (3.10) (push) Has been cancelled
Build uv cache / build-cache (3.11) (push) Has been cancelled
Build uv cache / build-cache (3.12) (push) Has been cancelled
Build uv cache / build-cache (3.13) (push) Has been cancelled
Nightly Canary Release / Check for new commits (push) Has been cancelled
Nightly Canary Release / Build nightly packages (push) Has been cancelled
Nightly Canary Release / Publish nightly to PyPI (push) Has been cancelled
* [SECURITY] Fix sandbox escape vulnerability in CodeInterpreterTool (F-001) This commit addresses a critical security vulnerability where the CodeInterpreterTool could be exploited via sandbox escape attacks when Docker was unavailable. Changes: - Remove insecure fallback to restricted sandbox in run_code_safety() - Now fails closed with RuntimeError when Docker is unavailable - Mark run_code_in_restricted_sandbox() as deprecated and insecure - Add clear security warnings to SandboxPython class documentation - Update tests to reflect secure-by-default behavior - Add test demonstrating the sandbox escape vulnerability - Update README with security requirements and best practices The previous implementation would fall back to a Python-based 'restricted sandbox' when Docker was unavailable. However, this sandbox could be easily bypassed using Python object introspection to recover the original __import__ function, allowing arbitrary module access and command execution on the host. The fix enforces Docker as a requirement for safe code execution. Users who cannot use Docker must explicitly enable unsafe_mode=True, acknowledging the security risks. Security Impact: - Prevents RCE via sandbox escape when Docker is unavailable - Enforces fail-closed security model - Maintains backward compatibility via unsafe_mode flag References: - https://docs.crewai.com/tools/ai-ml/codeinterpretertool Co-authored-by: Rip&Tear <theCyberTech@users.noreply.github.com> * Add security fix documentation for F-001 Co-authored-by: Rip&Tear <theCyberTech@users.noreply.github.com> * Add Slack summary for security fix Co-authored-by: Rip&Tear <theCyberTech@users.noreply.github.com> * Delete SECURITY_FIX_F001.md * Delete SLACK_SUMMARY.md * chore: regen cassettes * chore: regen more cassettes * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Cursor Agent <cursoragent@cursor.com> Co-authored-by: Rip&Tear <theCyberTech@users.noreply.github.com> Co-authored-by: Greyson LaLonde <greyson@crewai.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
111 lines
3.6 KiB
YAML
111 lines
3.6 KiB
YAML
interactions:
|
|
- request:
|
|
body: '{"messages":[{"role":"system","content":"You are Test Agent. Test agent
|
|
backstory\nYour personal goal is: Test agent goal"},{"role":"user","content":"\nCurrent
|
|
Task: Test task description\n\nThis is the expected criteria for your final
|
|
answer: Test expected output\nyou MUST return the actual complete content as
|
|
the final answer, not a summary.\n\nProvide your complete response:"}],"model":"gpt-4.1-mini"}'
|
|
headers:
|
|
User-Agent:
|
|
- X-USER-AGENT-XXX
|
|
accept:
|
|
- application/json
|
|
accept-encoding:
|
|
- ACCEPT-ENCODING-XXX
|
|
authorization:
|
|
- AUTHORIZATION-XXX
|
|
connection:
|
|
- keep-alive
|
|
content-length:
|
|
- '407'
|
|
content-type:
|
|
- application/json
|
|
host:
|
|
- api.openai.com
|
|
x-stainless-arch:
|
|
- X-STAINLESS-ARCH-XXX
|
|
x-stainless-async:
|
|
- 'false'
|
|
x-stainless-lang:
|
|
- python
|
|
x-stainless-os:
|
|
- X-STAINLESS-OS-XXX
|
|
x-stainless-package-version:
|
|
- 1.83.0
|
|
x-stainless-read-timeout:
|
|
- X-STAINLESS-READ-TIMEOUT-XXX
|
|
x-stainless-retry-count:
|
|
- '0'
|
|
x-stainless-runtime:
|
|
- CPython
|
|
x-stainless-runtime-version:
|
|
- 3.13.12
|
|
method: POST
|
|
uri: https://api.openai.com/v1/chat/completions
|
|
response:
|
|
body:
|
|
string: "{\n \"id\": \"chatcmpl-DJVXy6jcneOpe2GdSSGfNO4TkB6np\",\n \"object\":
|
|
\"chat.completion\",\n \"created\": 1773541870,\n \"model\": \"gpt-4.1-mini-2025-04-14\",\n
|
|
\ \"choices\": [\n {\n \"index\": 0,\n \"message\": {\n \"role\":
|
|
\"assistant\",\n \"content\": \"Test expected output\",\n \"refusal\":
|
|
null,\n \"annotations\": []\n },\n \"logprobs\": null,\n
|
|
\ \"finish_reason\": \"stop\"\n }\n ],\n \"usage\": {\n \"prompt_tokens\":
|
|
72,\n \"completion_tokens\": 3,\n \"total_tokens\": 75,\n \"prompt_tokens_details\":
|
|
{\n \"cached_tokens\": 0,\n \"audio_tokens\": 0\n },\n \"completion_tokens_details\":
|
|
{\n \"reasoning_tokens\": 0,\n \"audio_tokens\": 0,\n \"accepted_prediction_tokens\":
|
|
0,\n \"rejected_prediction_tokens\": 0\n }\n },\n \"service_tier\":
|
|
\"default\",\n \"system_fingerprint\": \"fp_db58fd2815\"\n}\n"
|
|
headers:
|
|
CF-Cache-Status:
|
|
- DYNAMIC
|
|
CF-Ray:
|
|
- 9dc819af5cbb8ce8-EWR
|
|
Connection:
|
|
- keep-alive
|
|
Content-Type:
|
|
- application/json
|
|
Date:
|
|
- Sun, 15 Mar 2026 02:31:10 GMT
|
|
Server:
|
|
- cloudflare
|
|
Strict-Transport-Security:
|
|
- STS-XXX
|
|
Transfer-Encoding:
|
|
- chunked
|
|
X-Content-Type-Options:
|
|
- X-CONTENT-TYPE-XXX
|
|
access-control-expose-headers:
|
|
- ACCESS-CONTROL-XXX
|
|
alt-svc:
|
|
- h3=":443"; ma=86400
|
|
openai-organization:
|
|
- OPENAI-ORG-XXX
|
|
openai-processing-ms:
|
|
- '351'
|
|
openai-project:
|
|
- OPENAI-PROJECT-XXX
|
|
openai-version:
|
|
- '2020-10-01'
|
|
set-cookie:
|
|
- SET-COOKIE-XXX
|
|
x-openai-proxy-wasm:
|
|
- v0.1
|
|
x-ratelimit-limit-requests:
|
|
- X-RATELIMIT-LIMIT-REQUESTS-XXX
|
|
x-ratelimit-limit-tokens:
|
|
- X-RATELIMIT-LIMIT-TOKENS-XXX
|
|
x-ratelimit-remaining-requests:
|
|
- X-RATELIMIT-REMAINING-REQUESTS-XXX
|
|
x-ratelimit-remaining-tokens:
|
|
- X-RATELIMIT-REMAINING-TOKENS-XXX
|
|
x-ratelimit-reset-requests:
|
|
- X-RATELIMIT-RESET-REQUESTS-XXX
|
|
x-ratelimit-reset-tokens:
|
|
- X-RATELIMIT-RESET-TOKENS-XXX
|
|
x-request-id:
|
|
- X-REQUEST-ID-XXX
|
|
status:
|
|
code: 200
|
|
message: OK
|
|
version: 1
|