Skip to content

fix: remove --exec-script entrypoint to eliminate arbitrary code execution#690

Closed
arne-aignx wants to merge 1 commit into
mainfrom
fix/remove-exec-script-entrypoint
Closed

fix: remove --exec-script entrypoint to eliminate arbitrary code execution#690
arne-aignx wants to merge 1 commit into
mainfrom
fix/remove-exec-script-entrypoint

Conversation

@arne-aignx

Copy link
Copy Markdown
Collaborator

Why

The --exec-script flag in src/aignostics.py accepted arbitrary Python source code as a CLI argument and passed it directly to exec(). This was flagged by SonarCloud as a security risk: any process that can control sys.argv of the frozen desktop binary — including a compromised LLM agent running inside the app — could escape the process sandbox by injecting arbitrary Python.

The flag existed solely so the dataset module could spawn a subprocess that runs IDC download logic inside the PyInstaller-frozen binary (where python -c "..." is unavailable). The same need can be met without exec().

How

New worker module (src/aignostics/dataset/_download_worker.py): a dedicated subprocess entry point that reads its parameters from a JSON temp file and calls IDCClient.download_from_selection directly. No code generation, no exec.

Updated caller (src/aignostics/dataset/_service.py): instead of building a Python script string and passing it via --exec-script, the service now:

  1. Serialises the download parameters (IDs, paths, flags) to a NamedTemporaryFile as JSON
  2. Invokes the worker via --run-module aignostics.dataset._download_worker <config_file> (frozen) or -m aignostics.dataset._download_worker <config_file> (normal Python)
  3. Deletes the temp file in finally

Removed entrypoint (src/aignostics.py): the --exec-script branch and its exec() call are deleted entirely. The existing --run-module mechanism (which only invokes a module by name, not arbitrary code) is sufficient.

The attack surface is now: an attacker controlling sys.argv can name a module to run — they can no longer inject arbitrary Python source code.

@arne-aignx arne-aignx requested a review from a team as a code owner July 7, 2026 11:20
@arne-aignx arne-aignx added the skip:test:long_running Skip long-running tests (≥5min) label Jul 7, 2026
@codecov

codecov Bot commented Jul 7, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 5.55556% with 34 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines Patch % Lines
src/aignostics/dataset/_download_worker.py 0.00% 22 Missing ⚠️
src/aignostics/dataset/_service.py 15.38% 11 Missing ⚠️
src/aignostics.py 0.00% 1 Missing ⚠️

❗ There is a different number of reports uploaded between BASE (baa7e91) and HEAD (e8f605c). Click for more details.

HEAD has 4 uploads less than BASE
Flag BASE (baa7e91) HEAD (e8f605c)
5 1
Files with missing lines Coverage Δ
src/aignostics.py 0.00% <0.00%> (ø)
src/aignostics/dataset/_service.py 57.07% <15.38%> (-19.64%) ⬇️
src/aignostics/dataset/_download_worker.py 0.00% <0.00%> (ø)

... and 22 files with indirect coverage changes

This entrypoints might give LLMs or attackers the possibility to run arbitrary code in the client
@arne-aignx arne-aignx force-pushed the fix/remove-exec-script-entrypoint branch from 6eb7c2e to e8f605c Compare July 7, 2026 11:54
@sonarqubecloud

sonarqubecloud Bot commented Jul 7, 2026

Copy link
Copy Markdown

Quality Gate Failed Quality Gate failed

Failed conditions
4.7% Coverage on New Code (required ≥ 70%)

See analysis details on SonarQube Cloud

@arne-aignx arne-aignx closed this Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

skip:test:long_running Skip long-running tests (≥5min)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant