author | Krzysztof Czerwinski <34861343+kcze@users.noreply.github.com> | 2024-02-28 19:16:02 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-02-28 19:16:02 +0100 |
commit | 30762c211ecb35bd69c05f496561be4809b2d0d3 (patch) | |
tree | e72a10f55a74deffec7d86e4775845114468a3f0 | |
parent | fix(agent/security): Mitigate shell injection vulnerabilities (#6903) (diff) | |
fix(agent/execute_code): Disable code execution commands when Docker is unavailable (#6888)
-rw-r--r-- | autogpts/autogpt/autogpt/commands/execute_code.py | 39 |
1 files changed, 30 insertions, 9 deletions
diff --git a/autogpts/autogpt/autogpt/commands/execute_code.py b/autogpts/autogpt/autogpt/commands/execute_code.py index dff993504..6aaa4b631 100644 --- a/autogpts/autogpt/autogpt/commands/execute_code.py +++ b/autogpts/autogpt/autogpt/commands/execute_code.py @@ -34,6 +34,28 @@ ALLOWLIST_CONTROL = "allowlist" DENYLIST_CONTROL = "denylist" +def we_are_running_in_a_docker_container() -> bool: + """Check if we are running in a Docker container + + Returns: + bool: True if we are running in a Docker container, False otherwise + """ + return os.path.exists("/.dockerenv") + + +def is_docker_available() -> bool: + """Check if Docker is available + + Returns: + bool: True if Docker is available, False otherwise""" + try: + client = docker.from_env() + client.ping() + return True + except Exception: + return False + + @command( "execute_python_code", "Executes the given Python code inside a single-use Docker container" @@ -45,6 +67,10 @@ DENYLIST_CONTROL = "denylist" required=True, ), }, + disabled_reason="To execute python code agent " + "must be running in a Docker container or " + "Docker must be available on the system.", + available=we_are_running_in_a_docker_container() or is_docker_available(), ) def execute_python_code(code: str, agent: Agent) -> str: """ @@ -92,6 +118,10 @@ def execute_python_code(code: str, agent: Agent) -> str: items=JSONSchema(type=JSONSchema.Type.STRING), ), }, + disabled_reason="To execute python code agent " + "must be running in a Docker container or " + "Docker must be available on the system.", + available=we_are_running_in_a_docker_container() or is_docker_available(), ) @sanitize_path_arg("filename") def execute_python_file( 
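Review bot: `is_docker_available()` never closes the client it gets from `docker.from_env()`, swallows every exception without recording why the probe failed, and runs with the SDK's default request timeout, so an unresponsive daemon socket can stall the caller. The version below separates client construction from the ping, bounds the wait and always closes the client; the timeout is a constructed value to tune. Separately, `we_are_running_in_a_docker_container()` now decides whether code execution is offered, so its docstring should say that the check is a heuristic, e.g. `"/.dockerenv" is a Docker-specific marker file; its presence does not prove the process is isolated, and other container runtimes may not create it`.
```python
def is_docker_available() -> bool:
    # … unchanged: docstring …
    try:
        client = docker.from_env(timeout=5)  # constructed value; bound the probe
    except Exception:
        return False
    try:
        client.ping()
        return True
    except Exception:
        return False
    finally:
        client.close()
```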
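Review bot: `available=we_are_running_in_a_docker_container() or is_docker_available()` is an ordinary decorator argument on `execute_python_code`, so it is evaluated once when the module is imported, not when the command is invoked. The same expression and the same `disabled_reason` text are repeated in the `execute_python_file` hunk that follows. When `/.dockerenv` is absent, importing the module therefore probes the Docker daemon twice, and the answer stays fixed for the life of the process even if Docker starts or stops later. Compute it once and share it, e.g. `_CODE_EXECUTION_AVAILABLE = we_are_running_in_a_docker_container() or is_docker_available()`, or pass a callable if `command` accepts one for `available` (its signature is not visible here). The command bodies lie outside these hunks; since this flag only controls whether the commands are offered, they should presumably still fail closed at call time when no container can be created.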
@@ -354,12 +384,3 @@ def execute_shell_popen(command_line: str, agent: Agent) -> str: os.chdir(current_dir) return f"Subprocess started with PID:'{str(process.pid)}'" - - -def we_are_running_in_a_docker_container() -> bool: - """Check if we are running in a Docker container - - Returns: - bool: True if we are running in a Docker container, False otherwise - """ - return os.path.exists("/.dockerenv") |