Improve template evaluation security to prevent arbitrary code execution #48

Open
NiklasRosenstein opened this issue Dec 9, 2024 · 0 comments

NiklasRosenstein commented Dec 9, 2024

Currently, Nyl uses structured-templates to evaluate ${{ ... }} expressions in Kubernetes manifests. This package currently uses eval() to evaluate these expressions, which is insecure when evaluating untrusted Kubernetes manifests, such as in a multi-tenant deployment of ArgoCD.

https://github.com/NiklasRosenstein/python-structured-templates/blob/88cb31e7c560fe63269b5f81f50dcc77bbe6c559/src/structured_templates/engine.py#L163-L172

An attacker could add this into a Kubernetes manifest to read out the SOPS_AGE_KEY environment variable for example:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: expose-it
stringData:
  SOPS_AGE_KEY: ${{ __import__("os").getenv("SOPS_AGE_KEY") }}
```

We must replace it with a more secure engine that supports the same simple language constructs (e.g. attribute lookup and function calls) but severely limits the scope of the operations that can be performed inside a template expression.
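One possible shape for such a restricted evaluator, as an added example that is not code from this issue, Nyl, or structured-templates: it parses the expression with `ast` and interprets only constants, allowlisted names, field lookup and calls to allowlisted functions. The names `safe_eval`, `render`, `UnsafeExpression`, `VARIABLES` and `FUNCTIONS` are hypothetical, and treating attribute syntax as a mapping key lookup is a design assumption of this sketch.

```python
import ast
import re
from collections.abc import Mapping

class UnsafeExpression(ValueError):
    """Raised when an expression uses anything outside the allowlist."""

def safe_eval(source, variables, functions):
    """Evaluate one expression; only names in the two allowlists are visible."""
    def ev(node):
        if isinstance(node, ast.Constant):
            return node.value
        if isinstance(node, ast.Name) and node.id in variables:
            return variables[node.id]
        if isinstance(node, ast.Attribute):
            # Attribute syntax is a key lookup on mappings, never getattr(),
            # so __class__/__globals__ style traversal has nothing to reach.
            base = ev(node.value)
            if isinstance(base, Mapping) and node.attr in base:
                return base[node.attr]
            raise UnsafeExpression(f"no such field: {node.attr}")
        if isinstance(node, ast.Call):
            # Only bare, allowlisted function names are callable: no methods,
            # no keyword arguments, no star-args (ast.Starred is rejected below).
            if (isinstance(node.func, ast.Name) and node.func.id in functions
                    and not node.keywords):
                return functions[node.func.id](*[ev(a) for a in node.args])
            raise UnsafeExpression("call target is not an allowlisted function")
        # Operators, lambdas, comprehensions, unknown names, etc. all end here.
        raise UnsafeExpression(f"{type(node).__name__} is not allowed")

    try:
        tree = ast.parse(source.strip(), mode="eval")
    except SyntaxError as exc:
        raise UnsafeExpression(f"invalid expression: {exc.msg}") from None
    return ev(tree.body)

_EXPR = re.compile(r"\$\{\{(.*?)\}\}")

def render(text, variables, functions):
    """Replace every ${{ ... }} in a string with its evaluated value."""
    return _EXPR.sub(lambda m: str(safe_eval(m.group(1), variables, functions)), text)

# Constructed sample context; a real deployment would supply its own allowlists.
VARIABLES = {"values": {"replicas": 3, "image": {"tag": "1.2.3"}}}
FUNCTIONS = {"lower": lambda s: str(s).lower()}
```

With this context, the expression from the manifest above raises `UnsafeExpression` because `__import__` is not an allowlisted name and method calls are never dispatched.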
