From 20ab6aad4ab73b6843bc3b79e07c87f3a16fd771 Mon Sep 17 00:00:00 2001 From: liu an Date: Wed, 28 May 2025 11:47:22 +0800 Subject: [PATCH] Fix: patch SSTI vulnerability in template rendering (#7905) ### What problem does this PR solve? [[Critical] RagFlow has a SSTI, which can lead to Remote Code Execution (RCE).](https://github.com/infiniflow/ragflow/security/advisories/GHSA-mrf5-7w8r-8x88#event-463508) ### Type of change - [x] Bug Fix (non-breaking change which fixes an issue) --- agent/component/template.py | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/agent/component/template.py b/agent/component/template.py index b54b93d56..1b450a251 100644 --- a/agent/component/template.py +++ b/agent/component/template.py @@ -15,8 +15,11 @@ # import json import re + +from jinja2 import StrictUndefined +from jinja2.sandbox import SandboxedEnvironment + from agent.component.base import ComponentBase, ComponentParamBase -from jinja2 import Template as Jinja2Template class TemplateParam(ComponentParamBase): @@ -95,13 +98,15 @@ class Template(ComponentBase): result = "" if "content" in out.columns: - result = "\n".join( - [o if isinstance(o, str) else str(o) for o in out["content"]] - ) + result = "\n".join([o if isinstance(o, str) else str(o) for o in out["content"]]) self.make_kwargs(para, kwargs, result) - template = Jinja2Template(content) + env = SandboxedEnvironment( + autoescape=True, + undefined=StrictUndefined, + ) + template = env.from_string(content) try: content = template.render(kwargs) 
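Review bot: `autoescape=True` on the new SandboxedEnvironment HTML-escapes every substituted value (`&`, `<`, `>` and quotes become entities), yet the rendered `content` in this hunk is built from plain-text joins and post-processed with `re.sub`, so unless it is later placed into an HTML context the values will come out mangled; the SSTI fix comes from the sandbox, not from autoescaping, so confirm the consumer and, if it is not HTML, use `autoescape=False`. `undefined=StrictUndefined` turns a missing variable into `jinja2.exceptions.UndefinedError` at render time, which the previous `Jinja2Template(content)` did not do; the `except` of the `try` around `template.render(kwargs)` is outside the hunk, so make sure it reports that case rather than silently swallowing it. Since kwargs come from `make_kwargs` (which `json.loads` the value, so lists and dicts are possible), `ImmutableSandboxedEnvironment` would additionally block mutating calls such as `.append`/`.update` on those inputs from within a template, which seems closer to the intent here. The enclosing method starts before this hunk and continues past it.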
@@ -114,19 +119,13 @@ class Template(ComponentBase): v = json.dumps(v, ensure_ascii=False) except Exception: pass - content = re.sub( - r"\{%s\}" % re.escape(n), v, content - ) - content = re.sub( - r"(#+)", r" \1 ", content - ) + content = re.sub(r"\{%s\}" % re.escape(n), v, content) + content = re.sub(r"(#+)", r" \1 ", content) return Template.be_output(content) def make_kwargs(self, para, kwargs, value): - self._param.inputs.append( - {"component_id": para["key"], "content": value} - ) + self._param.inputs.append({"component_id": para["key"], "content": value}) try: value = json.loads(value) except Exception:
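Review bot: `content = re.sub(r"\{%s\}" % re.escape(n), v, content)` passes the value as a replacement template rather than a literal, so backslashes in `v` are interpreted by `re` — `\t` becomes a tab, `\\` collapses to `\`, and `\d` or `\u` raises `re.error: bad escape` — and `v` is the output of `json.dumps` (or, if that call in the preceding `try` failed, the original object) and can carry backslashes straight from user-supplied data. Substituting through a callable makes the value literal: `content = re.sub(r"\{%s\}" % re.escape(n), lambda _m, rep=v: rep, content)`. If `v` is not a `str` after a failed `json.dumps`, `re.sub` will also raise `TypeError`; where `v` is first bound is outside the hunk, so that needs checking against the lines above. The enclosing method begins before this hunk.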