fix(llama-index-vector-stores-db2): escape SQL string literals to prevent injection#21590
Open
pwilkin wants to merge 1 commit into run-llama:main from
Conversation
…vent injection (CVE-2025-1793 follow-up)

The DB2 vector store was added after CVE-2025-1793 was fixed but contained the same vulnerable pattern: f-string interpolation of user-controlled values into SQL without escaping.

Three sinks are patched:

1. delete(ref_doc_id) – base.py:333
2. query() via _stringify_list(query.doc_ids) – base.py:117+349
3. query() via _append_meta_filter_condition – base.py:271

Also fixes _escape_str to use Db2-standard quote-doubling ('' instead of \') which is the correct escaping mechanism for IBM Db2 SQL string literals.

Fixes huntr.dev report (TODO: fill in report ID after submission).
Author
Note: some other stores added after the previous CVE fix are also vulnerable since they have the same lack-of-sanitation bug (azurecosmos, alibabacloud-opensearch, azureaisearch, dashvector), but they're not SQL stores so likely less severe (still should probably be patched).
Summary

Fixes SQL injection vulnerabilities in the IBM Db2 vector store (llama-index-vector-stores-db2). This package was added after CVE-2025-1793 (multi-store SQLi) was patched, but was not included in that fix — it contains the same vulnerable pattern of f-string interpolation of user-controlled values into SQL.

Vulnerability Details

Three sinks are patched:

1. delete(ref_doc_id) at base.py:333
   ddl = f"DELETE FROM {self.table_name} WHERE doc_id = '{ref_doc_id}'"
   ref_doc_id is interpolated without escaping.
2. query() via _stringify_list(query.doc_ids) at base.py:117+349
   where_str = f"doc_id in {_stringify_list(query.doc_ids)}"
3. query() via _append_meta_filter_condition at base.py:271
   filter_str = f"JSON_VALUE(..., '$.{filter_item.key}') = '{filter_item.value}'"
   key and value are interpolated without escaping.

Fix

Applied _escape_str() (existing helper) to all user-controlled string values interpolated into SQL. Also corrected _escape_str() to use Db2-standard quote-doubling ('') instead of backslash escaping, which Db2 does not support.

Verification

main

Related
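The three sinks and the corrected escaping rule described in this pull request, rebuilt as a self-contained example. This is added illustration, not the PR's diff or the llama-index-vector-stores-db2 code: only the names _escape_str and _stringify_list come from the PR description; build_delete_sql, build_delete_sql_unescaped, build_doc_id_filter, build_meta_filter, the `metadata` column name, the parse_literals check helper and the sample document id are assumptions constructed here. parse_literals applies the Db2 quote-doubling rule to show what the database would actually see as literal contents for each escaping strategy, so the reader can compare the fixed helper with both the pre-fix backslash escaping and raw interpolation on the same input.

```python
# Added example, not code from the PR. Helper and column names other than
# _escape_str and _stringify_list are assumptions modelled on the sinks
# the PR description lists.
from typing import Callable, List


def _escape_str(value: str) -> str:
    """Db2 rule: the only escape inside a single-quoted literal is a doubled quote."""
    return value.replace("'", "''")


def _escape_str_backslash(value: str) -> str:
    """The pre-fix behaviour the PR replaces; Db2 does not treat \\ as an escape."""
    return value.replace("'", "\\'")


def _stringify_list(values: List[str]) -> str:
    """Render a Python list as a Db2 IN-list, escaping every element."""
    return "(" + ", ".join(f"'{_escape_str(v)}'" for v in values) + ")"


def build_delete_sql(table_name: str, ref_doc_id: str,
                     escape: Callable[[str], str] = _escape_str) -> str:
    """Sink 1, delete(ref_doc_id), with the fixed helper applied by default."""
    return f"DELETE FROM {table_name} WHERE doc_id = '{escape(ref_doc_id)}'"


def build_delete_sql_unescaped(table_name: str, ref_doc_id: str) -> str:
    """Sink 1 as it was before the fix: raw f-string interpolation."""
    return f"DELETE FROM {table_name} WHERE doc_id = '{ref_doc_id}'"


def build_doc_id_filter(doc_ids: List[str]) -> str:
    """Sink 2: the WHERE fragment built from query.doc_ids."""
    return f"doc_id in {_stringify_list(doc_ids)}"


def build_meta_filter(key: str, value: str, metadata_column: str = "metadata") -> str:
    """Sink 3: the JSON_VALUE metadata filter; both key and value are escaped.
    The column name is an assumption (the PR elides it as '...')."""
    return (
        f"JSON_VALUE({metadata_column}, '$.{_escape_str(key)}') = "
        f"'{_escape_str(value)}'"
    )


def parse_literals(sql: str) -> List[str]:
    """Return the decoded contents of every single-quoted literal in `sql`,
    applying the Db2 quote-doubling rule. Raises ValueError on an
    unterminated literal. A check helper, not a SQL parser."""
    literals: List[str] = []
    i, n = 0, len(sql)
    while i < n:
        if sql[i] != "'":
            i += 1
            continue
        i += 1  # consume the opening quote
        buf: List[str] = []
        while True:
            if i >= n:
                raise ValueError("unterminated string literal")
            if sql[i] == "'":
                if i + 1 < n and sql[i + 1] == "'":
                    buf.append("'")  # doubled quote decodes to one quote
                    i += 2
                    continue
                i += 1  # closing quote
                break
            buf.append(sql[i])
            i += 1
        literals.append("".join(buf))
    return literals


def literal_roundtrips(value: str, escape: Callable[[str], str]) -> bool:
    """True iff a DELETE built with `escape` carries `value` as exactly one
    intact literal; False if the statement splits, shifts or truncates it."""
    try:
        return parse_literals(build_delete_sql("docs", value, escape)) == [value]
    except ValueError:
        return False


if __name__ == "__main__":
    doc_id = "O'Brien's notes"  # constructed input containing apostrophes
    for name, esc in (("quote-doubling", _escape_str),
                      ("backslash", _escape_str_backslash),
                      ("none", lambda v: v)):
        print(f"{name:15} intact={literal_roundtrips(doc_id, esc)}")
```

Only the quote-doubling variant survives the round trip: raw interpolation breaks the apostrophe-bearing id into two separate literals with a bare identifier between them, and backslash escaping leaves Db2 with an unterminated literal, which is why the PR corrects _escape_str rather than only applying it.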