Skip to content

Commit

Permalink
Revert "feat: chat with insecure output handling vulnerability (#341)"
Browse files Browse the repository at this point in the history
This reverts commit 80f0387.
  • Loading branch information
rielas committed Jun 13, 2024
1 parent ff6fa7a commit 44907eb
Show file tree
Hide file tree
Showing 20 changed files with 438 additions and 529 deletions.
6 changes: 0 additions & 6 deletions .env
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,3 @@ KEYCLOAK_PUBLIC_CLIENT_SECRET=4bfb5df6-4647-46dd-bad1-c8b8ffd7caf4
BRIGHT_TOKEN=
BRIGHT_CLUSTER=app.neuralegion.com
SEC_TESTER_TARGET=http://localhost:8090

CHAT_API_URL=https://api-inference.huggingface.co/v1/chat/completions
CHAT_API_MODEL=meta-llama/Meta-Llama-3-8B-Instruct
CHAT_API_MAX_TOKENS=1000
CHAT_API_TOKEN=

4 changes: 0 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -201,7 +201,3 @@ Additionally, the endpoint PUT /api/users/one/{email}/photo accepts SVG images,
To exploit the EP you can dispatch a request as such `/api/email/sendSupportEmail?name=Bob&to=username%40email.com%0aCc:%[email protected]&subject=Help%20Request&content=I%20would%20like%20to%20request%20help%20regarding`.
This will lead to the sending of a mail to both `[email protected]` and `[email protected]` (as the Cc).
Note: This EP is also vulnerable to `Server side prototype pollution`, as mentioned in this README.

* **Insecure Output Handling** - The `/chat` route is vulnerable to non-sanitized output originating from the LLM response.
Issue a `POST /api/chat` request with body payload like `[{"content": "Provide a minimal html markup for img tag with invalid source and onerror attribute with alert", "role": "user"}]`.
The response will include raw HTML code. If this output is not properly sanitized before rendering, it can trigger an alert box in the user interface.
91 changes: 2 additions & 89 deletions client/public/assets/css/style.css
Original file line number Diff line number Diff line change
Expand Up @@ -577,7 +577,7 @@ section {
margin-left: 20%;
margin-right: 20%;
max-width: -webkit-fill-available;
margin-top: 15px;
margin-top: 15px
}

.section-title h2 {
Expand Down Expand Up @@ -1789,91 +1789,4 @@ section {

.warning-text {
color: #ff0000;
}

/*--------------------------------------------------------------
# Chat
--------------------------------------------------------------*/
.chat .container {
max-width: 960px;
}

.chat .messages {
display: flex;
flex-direction: column;
border: 1px solid #ccc;
margin-bottom: 10px;
padding: 10px;
border-radius: 4px;
overflow-y: auto;
min-height: 50vh;
max-height: calc(100vh - 280px);
}

.chat .message {
margin-top: 10px;
padding: 4px 8px;
border-radius: 8px;
color: white;
white-space: pre-wrap;
max-width: 80%;
}

.chat .message-role-user {
align-self: end;
background-color: #0297a4;
}

.chat .message-role-assistant {
align-self: start;
background-color: #4272d7;
}

.chat .message-role-assistant.message-error {
background-color: #ff5828;
}

.chat .input-area {
display: flex;
}

.chat .input-area textarea {
width: 100%;
min-height: 50px;
border-radius: 4px 0 0 4px;
}

.chat .input-area button {
border-radius: 0 4px 4px 0;
}

.chat .message-loading .animated-dots span {
animation-name: blink;
animation-duration: 1.4s;
animation-iteration-count: infinite;
animation-fill-mode: both;
}

.chat .message-loading .animated-dots span:nth-child(1) {
animation-delay: 0s;
}

.chat .message-loading .animated-dots span:nth-child(2) {
animation-delay: 0.2s;
}

.chat .message-loading .animated-dots span:nth-child(3) {
animation-delay: 0.4s;
}

@keyframes blink {
0% {
opacity: 0;
}
50% {
opacity: 1;
}
100% {
opacity: 0;
}
}
}
3 changes: 1 addition & 2 deletions client/src/api/ApiUrl.ts
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,5 @@ export enum ApiUrl {
File = '/api/file',
NestedJson = '/api/nestedJson',
Partners = '/api/partners',
Email = '/api/email',
Chat = '/api/chat'
Email = '/api/email'
}
11 changes: 0 additions & 11 deletions client/src/api/httpClient.ts
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ import {
} from '../interfaces/User';
import { Product } from '../interfaces/Product';
import { OidcClient } from '../interfaces/Auth';
import { ChatMessage } from '../interfaces/ChatMessage';
import { ApiUrl } from './ApiUrl';
import { makeApiRequest } from './makeApiRequest';

Expand Down Expand Up @@ -332,13 +331,3 @@ export function sendSupportEmailRequest(
method: 'get'
});
}

export function queryChat(messages: ChatMessage[]): Promise<string> {
return makeApiRequest({
url: `${ApiUrl.Chat}/query`,
method: 'post',
data: messages
}).then((res) => {
return typeof res === 'string' ? res : '';
});
}
4 changes: 0 additions & 4 deletions client/src/interfaces/ChatMessage.ts

This file was deleted.

18 changes: 0 additions & 18 deletions client/src/pages/chat/Chat.tsx

This file was deleted.

122 changes: 0 additions & 122 deletions client/src/pages/chat/ChatWidget.tsx

This file was deleted.

5 changes: 0 additions & 5 deletions client/src/pages/main/Header/Nav.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -16,11 +16,6 @@ const menu: Array<MenuItem> = [
path: '/marketplace?portfolio_query_filter=&videosrc=https://www.youtube-nocookie.com/embed/MPYlxeG-8_w?controls=0',
newTab: false
},
{
name: 'Chat',
path: '/chat',
newTab: false
},
{ name: 'Edit user data', path: RoutePath.Userprofile, newTab: false },
{
name: 'Adminmenu',
Expand Down
3 changes: 1 addition & 2 deletions client/src/router/RoutePath.ts
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,5 @@ export enum RoutePath {
Marketplace = '/marketplace',
Userprofile = '/userprofile',
Adminpage = '/adminpage',
Dashboard = '/dashboard',
Chat = '/chat'
Dashboard = '/dashboard'
}
11 changes: 0 additions & 11 deletions client/src/router/Routes.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ import Userprofile from '../pages/main/Userprofile';
import AdminPage from '../pages/auth/AdminPage';
import PasswordCheck from '../pages/auth/LoginNew/PasswordCheck';
import Dashboard from '../pages/auth/Dashboard';
import Chat from '../pages/chat/Chat';

export const Routes: FC = () => {
const user = sessionStorage.getItem('email') || localStorage.getItem('email');
Expand Down Expand Up @@ -79,16 +78,6 @@ export const Routes: FC = () => {
)}
</Route>

<Route path={RoutePath.Chat}>
{user ? (
<Chat />
) : (
<Redirect
to={{ pathname: RoutePath.Login, state: { from: '/chat' } }}
/>
)}
</Route>

<Route path="*">
<Redirect to={{ pathname: RoutePath.Home }} />
<Main />
Expand Down
Loading

0 comments on commit 44907eb

Please sign in to comment.