Merge pull request #557 from FlowiseAI/bugfix/VM2-Security

Bugfix/VM2 security
Henry Heng 2023-07-17 22:31:37 +01:00 committed by GitHub
commit 12b4519848
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 72 additions and 46 deletions


@ -130,17 +130,19 @@ FLOWISE_PASSWORD=1234
Flowise support different environment variables to configure your instance. You can specify the following variables in the `.env` file inside `packages/server` folder. Read [more](https://docs.flowiseai.com/environment-variables) Flowise support different environment variables to configure your instance. You can specify the following variables in the `.env` file inside `packages/server` folder. Read [more](https://docs.flowiseai.com/environment-variables)
| Variable | Description | Type | Default | | Variable | Description | Type | Default |
| ---------------- | ---------------------------------------------------------------- | ------------------------------------------------ | ----------------------------------- | | -------------------------- | ---------------------------------------------------------------- | ------------------------------------------------ | ----------------------------------- |
| PORT | The HTTP port Flowise runs on | Number | 3000 | | PORT | The HTTP port Flowise runs on | Number | 3000 |
| FLOWISE_USERNAME | Username to login | String | | FLOWISE_USERNAME | Username to login | String |
| FLOWISE_PASSWORD | Password to login | String | | FLOWISE_PASSWORD | Password to login | String |
| DEBUG | Print logs onto terminal/console | Boolean | | DEBUG | Print logs onto terminal/console | Boolean |
| LOG_PATH | Location where log files are stored | String | `your-path/Flowise/packages/server` | | LOG_PATH | Location where log files are stored | String | `your-path/Flowise/packages/server` |
| LOG_LEVEL | Different log levels for loggers to be saved | Enum String: `error`, `info`, `verbose`, `debug` | `info` | | LOG_LEVEL | Different log levels for loggers to be saved | Enum String: `error`, `info`, `verbose`, `debug` | `info` |
| DATABASE_PATH | Location where database is saved | String | `your-home-dir/.flowise` | | DATABASE_PATH | Location where database is saved | String | `your-home-dir/.flowise` |
| APIKEY_PATH | Location where api keys are saved | String | `your-path/Flowise/packages/server` | | APIKEY_PATH | Location where api keys are saved | String | `your-path/Flowise/packages/server` |
| EXECUTION_MODE | Whether predictions run in their own process or the main process | Enum String: `child`, `main` | `main` | | EXECUTION_MODE | Whether predictions run in their own process or the main process | Enum String: `child`, `main` | `main` |
| TOOL_FUNCTION_BUILTIN_DEP | NodeJS built-in modules to be used for Tool Function | String | |
| TOOL_FUNCTION_EXTERNAL_DEP | External modules to be used for Tool Function | String | |
You can also specify the env variables when using `npx`. For example: You can also specify the env variables when using `npx`. For example:


@ -7,3 +7,5 @@ LOG_PATH=/root/.flowise/logs
# DEBUG=true # DEBUG=true
# LOG_LEVEL=debug (error | warn | info | verbose | debug) # LOG_LEVEL=debug (error | warn | info | verbose | debug)
# EXECUTION_MODE=child or main # EXECUTION_MODE=child or main
# TOOL_FUNCTION_BUILTIN_DEP=crypto,fs
# TOOL_FUNCTION_EXTERNAL_DEP=moment,lodash
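Review bot: The sample value on the added line `# TOOL_FUNCTION_BUILTIN_DEP=crypto,fs` includes `fs`, which is not in the default built-in allowlist this commit introduces, so an operator who uncomments it gives Tool Function code read and write access to the host file system. `crypto` is already allowed by default, so the sample shows nothing that is both new and low-risk. I would use a narrower example such as `# TOOL_FUNCTION_BUILTIN_DEP=util,string_decoder` and put a comment above it, e.g. `# Extends the sandbox allowlist: every module listed here becomes callable from Tool Function code`. The same sample appears in the other `.env.example` section further down the page.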


@ -33,14 +33,16 @@ If you like to persist your data (flows, logs, apikeys), set these variables in
Flowise also support different environment variables to configure your instance. Read [more](https://docs.flowiseai.com/environment-variables) Flowise also support different environment variables to configure your instance. Read [more](https://docs.flowiseai.com/environment-variables)
| Variable | Description | Type | Default | | Variable | Description | Type | Default |
| ---------------- | ---------------------------------------------------------------- | ------------------------------------------------ | ----------------------------------- | | -------------------------- | ---------------------------------------------------------------- | ------------------------------------------------ | ----------------------------------- |
| PORT | The HTTP port Flowise runs on | Number | 3000 | | PORT | The HTTP port Flowise runs on | Number | 3000 |
| FLOWISE_USERNAME | Username to login | String | | FLOWISE_USERNAME | Username to login | String |
| FLOWISE_PASSWORD | Password to login | String | | FLOWISE_PASSWORD | Password to login | String |
| DEBUG | Print logs onto terminal/console | Boolean | | DEBUG | Print logs onto terminal/console | Boolean |
| LOG_PATH | Location where log files are stored | String | `your-path/Flowise/packages/server` | | LOG_PATH | Location where log files are stored | String | `your-path/Flowise/packages/server` |
| LOG_LEVEL | Different log levels for loggers to be saved | Enum String: `error`, `info`, `verbose`, `debug` | `info` | | LOG_LEVEL | Different log levels for loggers to be saved | Enum String: `error`, `info`, `verbose`, `debug` | `info` |
| DATABASE_PATH | Location where database is saved | String | `your-home-dir/.flowise` | | DATABASE_PATH | Location where database is saved | String | `your-home-dir/.flowise` |
| APIKEY_PATH | Location where api keys are saved | String | `your-path/Flowise/packages/server` | | APIKEY_PATH | Location where api keys are saved | String | `your-path/Flowise/packages/server` |
| EXECUTION_MODE | Whether predictions run in their own process or the main process | Enum String: `child`, `main` | `main` | | EXECUTION_MODE | Whether predictions run in their own process or the main process | Enum String: `child`, `main` | `main` |
| TOOL_FUNCTION_BUILTIN_DEP | NodeJS built-in modules to be used for Tool Function | String | |
| TOOL_FUNCTION_EXTERNAL_DEP | External modules to be used for Tool Function | String | |


@ -51,25 +51,37 @@ export class DynamicStructuredTool<
} }
} }
const defaultAllowBuiltInDep = [
'assert',
'buffer',
'crypto',
'events',
'http',
'https',
'net',
'path',
'querystring',
'timers',
'tls',
'url',
'zlib'
]
const builtinDeps = process.env.TOOL_FUNCTION_BUILTIN_DEP
? defaultAllowBuiltInDep.concat(process.env.TOOL_FUNCTION_BUILTIN_DEP.split(','))
: defaultAllowBuiltInDep
const externalDeps = process.env.TOOL_FUNCTION_EXTERNAL_DEP ? process.env.TOOL_FUNCTION_EXTERNAL_DEP.split(',') : []
const deps = availableDependencies.concat(externalDeps)
const options = { const options = {
console: 'inherit', console: 'inherit',
sandbox, sandbox,
require: { require: {
external: false as boolean | { modules: string[] }, external: { modules: deps },
builtin: ['*'] builtin: builtinDeps
} }
} as any } as any
const external = JSON.stringify(availableDependencies)
if (external) {
const deps = JSON.parse(external)
if (deps && deps.length) {
options.require.external = {
modules: deps
}
}
}
const vm = new NodeVM(options) const vm = new NodeVM(options)
const response = await vm.run(`module.exports = async function() {${this.code}}()`, __dirname) const response = await vm.run(`module.exports = async function() {${this.code}}()`, __dirname)
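Review bot: `TOOL_FUNCTION_BUILTIN_DEP` is split on commas and concatenated into `builtinDeps` with no trimming or validation, so `crypto, fs` produces an entry ` fs` that will not match, and a value of `*` would presumably hand vm2 the same wildcard this commit removes from `builtin: ['*']`. I would normalise and reject the wildcard, e.g. `.split(',').map((d) => d.trim()).filter((d) => d && d !== '*')`, and apply the same to `TOOL_FUNCTION_EXTERNAL_DEP`. Separately, `defaultAllowBuiltInDep` still lists `http`, `https`, `net` and `tls`, so by default tool code can open connections to anything the server can reach; if that is intended a comment above the array should say so, otherwise those four belong behind the opt-in variable. The allowlist narrows `require` only: `this.code` is still interpolated into the script passed to `vm.run`, so it should be treated as code that runs with the privileges of every listed module. The enclosing method starts and ends outside this hunk.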


@ -7,3 +7,5 @@ PORT=3000
# LOG_PATH=/your_log_path/.flowise/logs # LOG_PATH=/your_log_path/.flowise/logs
# LOG_LEVEL=debug (error | warn | info | verbose | debug) # LOG_LEVEL=debug (error | warn | info | verbose | debug)
# EXECUTION_MODE=main (child | main) # EXECUTION_MODE=main (child | main)
# TOOL_FUNCTION_BUILTIN_DEP=crypto,fs
# TOOL_FUNCTION_EXTERNAL_DEP=moment,lodash


@ -33,17 +33,19 @@ FLOWISE_PASSWORD=1234
Flowise support different environment variables to configure your instance. You can specify the following variables in the `.env` file inside `packages/server` folder. Read [more](https://docs.flowiseai.com/environment-variables) Flowise support different environment variables to configure your instance. You can specify the following variables in the `.env` file inside `packages/server` folder. Read [more](https://docs.flowiseai.com/environment-variables)
| Variable | Description | Type | Default | | Variable | Description | Type | Default |
| ---------------- | ---------------------------------------------------------------- | ------------------------------------------------ | ----------------------------------- | | -------------------------- | ---------------------------------------------------------------- | ------------------------------------------------ | ----------------------------------- |
| PORT | The HTTP port Flowise runs on | Number | 3000 | | PORT | The HTTP port Flowise runs on | Number | 3000 |
| FLOWISE_USERNAME | Username to login | String | | FLOWISE_USERNAME | Username to login | String |
| FLOWISE_PASSWORD | Password to login | String | | FLOWISE_PASSWORD | Password to login | String |
| DEBUG | Print logs onto terminal/console | Boolean | | DEBUG | Print logs onto terminal/console | Boolean |
| LOG_PATH | Location where log files are stored | String | `your-path/Flowise/packages/server` | | LOG_PATH | Location where log files are stored | String | `your-path/Flowise/packages/server` |
| LOG_LEVEL | Different log levels for loggers to be saved | Enum String: `error`, `info`, `verbose`, `debug` | `info` | | LOG_LEVEL | Different log levels for loggers to be saved | Enum String: `error`, `info`, `verbose`, `debug` | `info` |
| DATABASE_PATH | Location where database is saved | String | `your-home-dir/.flowise` | | DATABASE_PATH | Location where database is saved | String | `your-home-dir/.flowise` |
| APIKEY_PATH | Location where api keys are saved | String | `your-path/Flowise/packages/server` | | APIKEY_PATH | Location where api keys are saved | String | `your-path/Flowise/packages/server` |
| EXECUTION_MODE | Whether predictions run in their own process or the main process | Enum String: `child`, `main` | `main` | | EXECUTION_MODE | Whether predictions run in their own process or the main process | Enum String: `child`, `main` | `main` |
| TOOL_FUNCTION_BUILTIN_DEP | NodeJS built-in modules to be used for Tool Function | String | |
| TOOL_FUNCTION_EXTERNAL_DEP | External modules to be used for Tool Function | String | |
You can also specify the env variables when using `npx`. For example: You can also specify the env variables when using `npx`. For example:


@ -24,7 +24,9 @@ export default class Start extends Command {
APIKEY_PATH: Flags.string(), APIKEY_PATH: Flags.string(),
LOG_PATH: Flags.string(), LOG_PATH: Flags.string(),
LOG_LEVEL: Flags.string(), LOG_LEVEL: Flags.string(),
EXECUTION_MODE: Flags.string() EXECUTION_MODE: Flags.string(),
TOOL_FUNCTION_BUILTIN_DEP: Flags.string(),
TOOL_FUNCTION_EXTERNAL_DEP: Flags.string()
} }
async stopProcess() { async stopProcess() {
@ -65,6 +67,8 @@ export default class Start extends Command {
if (flags.LOG_LEVEL) process.env.LOG_LEVEL = flags.LOG_LEVEL if (flags.LOG_LEVEL) process.env.LOG_LEVEL = flags.LOG_LEVEL
if (flags.EXECUTION_MODE) process.env.EXECUTION_MODE = flags.EXECUTION_MODE if (flags.EXECUTION_MODE) process.env.EXECUTION_MODE = flags.EXECUTION_MODE
if (flags.DEBUG) process.env.DEBUG = flags.DEBUG if (flags.DEBUG) process.env.DEBUG = flags.DEBUG
if (flags.TOOL_FUNCTION_BUILTIN_DEP) process.env.TOOL_FUNCTION_BUILTIN_DEP = flags.TOOL_FUNCTION_BUILTIN_DEP
if (flags.TOOL_FUNCTION_EXTERNAL_DEP) process.env.TOOL_FUNCTION_EXTERNAL_DEP = flags.TOOL_FUNCTION_EXTERNAL_DEP
await (async () => { await (async () => {
try { try {
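Review bot: The two new flags are declared as bare `Flags.string()` and copied into `process.env` unchanged, so `--help` gives an operator no hint that they widen what sandboxed Tool Function code may `require`. I would add a description to each, e.g. `TOOL_FUNCTION_BUILTIN_DEP: Flags.string({ description: 'Comma-separated Node built-ins added to the Tool Function allowlist' })`. Validation of the value is better done where it is consumed than here, since a value set through `.env` never passes through this command. The enclosing method continues outside the hunk.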