Skip to content

[micro-fix] fix(security): H-02 — Restrict attribute access in safe_eval#5588

Open
shibinsp wants to merge 1 commit intoaden-hive:mainfrom
shibinsp:fix/h02-attribute-access-restriction
Open

[micro-fix] fix(security): H-02 — Restrict attribute access in safe_eval#5588
shibinsp wants to merge 1 commit intoaden-hive:mainfrom
shibinsp:fix/h02-attribute-access-restriction

Conversation

@shibinsp
Copy link

@shibinsp shibinsp commented Mar 1, 2026

Fixes #5558

Summary

Blocks dangerous attribute access patterns in safe_eval() that could allow sandbox escape through Python introspection.

Severity: 🟠 High — Attackers could escape the eval sandbox and execute arbitrary code.

Changes

  • Added dunder attribute blocking
  • Added dangerous built-in blocking (eval, exec, import, etc.)
  • Added AST-level validation before evaluation

Files Changed

  • framework/nodes/logic.py — +38 lines

Test Plan

  • All 4 tests passing on fix branch

Note: Using micro-fix bypass. Please assign me to the linked issue so I can update the title.

@claude
security(H-02): restrict attribute access to safe built-in types
6b3cfdc 
Limit visit_Attribute to only allow attribute access on basic
Python types (str, int, float, list, dict, tuple, set, etc.).

Previously, getattr() was called on arbitrary context objects
with only an underscore-prefix check, which could expose
dangerous methods or internal state on custom objects.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Security] H-02: Bypassable attribute blocklist in safe_eval (High)

1 participant

@shibinsp