top | item 44954242

(no title)

curuinor | 6 months ago

hey, this is Howon from CodeRabbit here. we wish to note that this RCE was reported and fixed in January. it was entirely prospective and no customer data was affected. we have extensive sandboxing for basically any execution of anything now, including any and every tool and all generated code of any kind under the CodeRabbit umbrella.

if you want to learn how CodeRabbit does the isolation, here's a blog post about how: https://cloud.google.com/blog/products/ai-machine-learning/h...

discuss

mpeg|6 months ago

Where can we find the blog post you made back in January about the RCE fix explaining what measures you took to check if any customer data had been affected?

cleverwebb|6 months ago

how do you know that no customer data was affected? did you work with github and scan all uses of your keys? how do you know if a use of your github key was authentic or not? did you check with anthroipic/openai/etc to scan logs usage?

It's really hard to trust a "hey we got this guys" statement after a fuckup this big

Xunjin|6 months ago

That's why countries should start to legislate on these matters, there are no incentives in focusing on security and properly report to the customers such vulnerability.

xign|6 months ago

Notice how replies like this never get a response?

thyrfa|6 months ago

How can you guarantee that nobody ripped the private key before the researcher told you about the issue though?

KingOfCoders|6 months ago

Or has a backdoor installed somewhere?

blibble|6 months ago

if they can't guarantee this then every single repo that had coderabbit is potentially compromised

frankfrank13|6 months ago

Reading this, its not clear how your blog posts relates:

1. You run git clone inside the GCR function, so, you have at the very least a user token for the git provider

2. RCE exploit basically used the external tools, like a static analysis checker, which again, is inside your GCR function

3. As a contrived example, if I could RCE `console.log(process.env)` then seemingly I could do `fetch(mywebsite....`

I get it, you can hand wave some amount of "VPC" and "sandbox" here. But, you're still executing code, explicitly labeling it "untrusted" and "sandboxed" doesn't excuse it.

progbits|6 months ago

> no customer data was affected

Someone could have taken the private github key and cloned your customers' private repos.

You would need to audit every single access to github made via your app since the beginning and link it somehow to your side. Did you do this?

yunohn|6 months ago

While I fully understand that things sometimes get missed, it just seems really bizarre to me that somehow “sandboxing/isolation” was never considered prior to this incident. To me, it feels like the first thing to implement in a system that is explicitly built to run third party untrusted code?

wging|6 months ago

The article seems to imply that something of the sort had actually been attempted prior to the incident, but was either incomplete or buggy. I'm not sure the details would be entirely exculpatory, but unless you want to flatly disbelieve their statements, "not considered" isn't quite right.

> After responsibly disclosing this critical vulnerability to the CodeRabbit team, we learned from them that they had an isolation mechanism in place, but Rubocop somehow was not running inside it.

roywiggins|6 months ago

It seems to me that they thought the linter would be safe to run as it wasn't meant to actually run untrusted code, just statically analyze it.

elpakal|6 months ago

> Sandboxing: All Cloud Run instances are sandboxed with two layers of sandboxing and can be configured to have minimal IAM permissions via dedicated service identity. In addition, CodeRabbit is leveraging Cloud Run's second generation execution environment, a microVM providing full Linux cgroup functionality. Within each Cloud Run instance, CodeRabbit uses Jailkit to create isolated processes and cgroups to further restrict the privileges of the jailed process.

In case you don't want to read through the PR

0x457|6 months ago

I don't get it, if you're running on linux then just use Landlock LSM inside a VM.

KingOfCoders|6 months ago

The chuzpe to use this as PR.

woodruffw|6 months ago

Off topic, but: chutzpah is the conventional English spelling :-)

Edit: I'm this old when I learned that Germans spell it "chuzpe."

Xunjin|6 months ago

Silicon Valley sitcom comedy moment right here.

tadfisher|6 months ago

But do you still store your GH API private key in environment variables?

curuinor|6 months ago

hey, this is Howon from CodeRabbit. We use a cloud-provider-provided key vault for application secrets, including GH private key.

smsm42|6 months ago

The word "now" here is kinda worrying tbh. How was it a good idea to release and sell this product before it has been the case?

jsbg|6 months ago

wild to comment this