fix: remove /debug/exec endpoint that allows authenticated RCE via exec() (#2178)

The /api/v1/system/debug/exec endpoint passes user-supplied HTTP body directly to Python exec(), enabling arbitrary code execution for any authenticated user when debug_mode is enabled. This is a critical security risk (CWE-94): a single misconfiguration or compromised JWT grants full server-side code execution. Remove the endpoint entirely. The /debug/plugin/action endpoint (which does not use exec()) is left intact as it serves a different, scoped purpose. Co-authored-by: Junyan Chin <rockchinq@gmail.com>
2026-06-04 12:56:02 +00:00 · 2026-05-18 17:53:39 +01:00
parent 688202e7d1
commit f0061817ea
2 changed files with 66 additions and 11 deletions
--- a/src/langbot/pkg/api/http/controller/groups/system.py
+++ b/src/langbot/pkg/api/http/controller/groups/system.py
@@ -140,17 +140,6 @@ class SystemRouterGroup(group.RouterGroup):
        async def _() -> str:
            return self.success(data=await self.ap.maintenance_service.get_storage_analysis())

-        @self.route('/debug/exec', methods=['POST'], auth_type=group.AuthType.USER_TOKEN)
-        async def _() -> str:
-            if not constants.debug_mode:
-                return self.http_status(403, 403, 'Forbidden')
-
-            py_code = await quart.request.data
-
-            ap = self.ap
-
-            return self.success(data=exec(py_code, {'ap': ap}))
-
        @self.route(
            '/debug/plugin/action',
            methods=['POST'],