From 09298a32e7a5f7a37463e745d3b8ff602f8c7f41 Mon Sep 17 00:00:00 2001
From: takatost
Date: Wed, 5 Jun 2024 00:46:22 +0800
Subject: [PATCH] fix: vanna CVE-2024-5565 by disable visualize of ask func (#4930)
---
 api/core/tools/provider/builtin/vanna/tools/vanna.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/api/core/tools/provider/builtin/vanna/tools/vanna.py b/api/core/tools/provider/builtin/vanna/tools/vanna.py
index bbc21cc107..a6efb0f79a 100644
--- a/api/core/tools/provider/builtin/vanna/tools/vanna.py
+++ b/api/core/tools/provider/builtin/vanna/tools/vanna.py
@@ -102,7 +102,17 @@ class VannaTool(BuiltinTool):
 if memos:
 vn.train(documentation=memos)
- generate_chart = tool_parameters.get("generate_chart", True)
+ #########################################################################################
+ # Due to CVE-2024-5565, we have to disable the chart generation feature
+ # The Vanna library uses a prompt function to present the user with visualized results,
+ # it is possible to alter the prompt using prompt injection and run arbitrary Python code
+ # instead of the intended visualization code.
+ # Specifically - allowing external input to the library’s “ask” method
+ # with "visualize" set to True (default behavior) leads to remote code execution.
+ # Affected versions: <= 0.5.5
+ #########################################################################################
+ generate_chart = False
+ # generate_chart = tool_parameters.get("generate_chart", True)
 res = vn.ask(prompt, False, True, generate_chart)
 result = []
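Review bot: The mitigation only holds while `generate_chart` lands in the right positional slot of `vn.ask(prompt, False, True, generate_chart)`, so a signature change in a later Vanna release could silently re-enable the code-executing visualization path. Pass the flags by name and drop the commented-out assignment, e.g. `res = vn.ask(prompt, print_results=False, auto_train=True, visualize=False)`. The `generate_chart` tool parameter is now ignored with no signal to the caller; if the tool's parameter schema (not visible in this hunk) still exposes it, remove it there or log the override. Disabling charts closes the Python-execution path the comment describes, but the prompt still drives SQL generation, so if `ask` also executes that SQL the tool's database credentials should presumably be read-only and least-privilege. The enclosing method starts and ends outside this hunk.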