Fix: patch SSTI vulnerability in template rendering (#7905)

### What problem does this PR solve? [[Critical] RagFlow has a SSTI, which can lead to Remote Code Execution (RCE).](https://github.com/infiniflow/ragflow/security/advisories/GHSA-mrf5-7w8r-8x88#event-463508) ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue)
2025-08-10 16:59:01 +08:00 · 2025-05-28 11:47:22 +08:00 · 2025-05-28 11:47:22 +08:00 · 20ab6aad4a
commit 20ab6aad4a
parent a71376ad6a
1 changed files with 13 additions and 14 deletions
--- a/agent/component/template.py
+++ b/agent/component/template.py
@ -15,8 +15,11 @@
 #
 import json
 import re
+
+from jinja2 import StrictUndefined
+from jinja2.sandbox import SandboxedEnvironment
+
 from agent.component.base import ComponentBase, ComponentParamBase
-from jinja2 import Template as Jinja2Template


 class TemplateParam(ComponentParamBase):
@ -95,13 +98,15 @@ class Template(ComponentBase):

            result = ""
            if "content" in out.columns:
-                result = "\n".join(
-                    [o if isinstance(o, str) else str(o) for o in out["content"]]
-                )
+                result = "\n".join([o if isinstance(o, str) else str(o) for o in out["content"]])

            self.make_kwargs(para, kwargs, result)

-        template = Jinja2Template(content)
+        env = SandboxedEnvironment(
+            autoescape=True,
+            undefined=StrictUndefined,
+        )
+        template = env.from_string(content)

        try:
            content = template.render(kwargs)
@ -114,19 +119,13 @@ class Template(ComponentBase):
                    v = json.dumps(v, ensure_ascii=False)
                except Exception:
                    pass
-            content = re.sub(
-                r"\{%s\}" % re.escape(n), v, content
-            )
-            content = re.sub(
-                r"(#+)", r" \1 ", content
-            )
+            content = re.sub(r"\{%s\}" % re.escape(n), v, content)
+            content = re.sub(r"(#+)", r" \1 ", content)

        return Template.be_output(content)

    def make_kwargs(self, para, kwargs, value):
-        self._param.inputs.append(
-            {"component_id": para["key"], "content": value}
-        )
+        self._param.inputs.append({"component_id": para["key"], "content": value})
        try:
            value = json.loads(value)
        except Exception: