
[BUG]: Embed API Improvements

Open chalitbkb opened this issue 1 year ago • 4 comments

How are you running AnythingLLM?

All versions

What happened?

The API is unsafe when I use the 'embed' feature on my website. I can intercept all API requests, which I can then exploit anywhere. This needs to be fixed urgently. Even the 'sessionId' can be altered to bypass the existing limitations on the number of requests per session.


Are there known steps to reproduce?

No response

chalitbkb avatar May 13 '24 11:05 chalitbkb

The session ID is not a security feature. It is how chats are referenced to keep their history consistent on page loads. This exists in lieu of the ability to track by a user id.

timothycarambat avatar May 13 '24 16:05 timothycarambat

> The session ID is not a security feature. It is how chats are referenced to keep their history consistent on page loads. This exists in lieu of the ability to track by a user id.

I understand what you mean, but why can I intercept API requests and use them elsewhere? For example, I capture the URL endpoint, headers, and body to create a backend with Node.js. Then I try sending a POST request. It can send the request, but from a security standard perspective, this shouldn't be the case. You should encrypt the data using something like the 'crypto-js module' or similar before sending the request to prevent unauthorized use elsewhere.

I believe that if I were to examine the chatbox of others using the 'anything-llm' service, I am confident that I could intercept their requests and then use them elsewhere, which means I could send unlimited requests anywhere.

chalitbkb avatar May 13 '24 16:05 chalitbkb

This would just be CORS blocking from the Origin header, which of course can always be spoofed with tools like Burpsuite. The embed chat functionality was added because many people wanted to just expose something like this but we warn this in the embed config styleguide https://github.com/Mintplex-Labs/anything-llm/tree/master/embed#security

I don't disagree with you that this is an annoyance and likely should not be enabled. Does the domain allowlist not improve this? https://github.com/Mintplex-Labs/anything-llm/blob/2fabc845789fb60f078c092fb6b5bd6aed1c3475/server/utils/middleware/embedMiddleware.js#L65

It does not prevent a session ID rotation or replay. We could add an IP logger and restrict based on IP, but this still does not make that whole endpoint more robust, since all of these client-side things can be spoofed? I think that could be a good improvement though?

timothycarambat avatar May 13 '24 20:05 timothycarambat
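The two controls discussed above (an Origin/domain allowlist and a per-session request cap) and the IP-keyed cap floated as an improvement, modelled as an added example that is not AnythingLLM's own code. The function and field names (`originAllowed`, `RequestCap`, `req.body.sessionId`, `req.ip`) and the allowlist are assumptions for illustration, not the project's real middleware API. The block shows the point made in the comment: a non-browser client that forges `Origin` and rotates `sessionId` passes the allowlist and never hits a session-keyed cap, while an IP-keyed cap at least survives session rotation.

```javascript
// Added example, not AnythingLLM's own code. Names and the allowlist are
// assumptions for illustration; the real embed middleware may differ.

// Domain allowlist in the spirit of the embed middleware: accept when the
// Origin header's host is on the list. Origin is client-supplied, so any
// non-browser client (curl, a Node backend, Burp) can set it freely.
function originAllowed(originHeader, allowedHosts) {
  if (allowedHosts.length === 0) return true; // empty list = unrestricted (assumption)
  if (!originHeader) return false;
  let host;
  try {
    host = new URL(originHeader).host;
  } catch {
    return false; // malformed Origin header
  }
  return allowedHosts.includes(host);
}

// Fixed-window request counter keyed on whatever the caller chooses
// (sessionId from the body, or the client IP).
class RequestCap {
  constructor(maxRequests, keyFn) {
    this.max = maxRequests;
    this.keyFn = keyFn;
    this.counts = new Map();
  }
  allow(req) {
    const key = this.keyFn(req);
    const n = (this.counts.get(key) || 0) + 1;
    this.counts.set(key, n);
    return n <= this.max;
  }
}

// Replays `requests` chat calls from one client through allowlist + cap and
// returns how many were accepted. `rotateSession` models an attacker who
// sends a fresh sessionId on every request (the "session ID rotation" above).
function replay({ requests, cap, allowedHosts, origin, ip, rotateSession }) {
  let accepted = 0;
  for (let i = 0; i < requests; i++) {
    const req = { // constructed request, shaped like an embed chat POST
      headers: { origin },
      ip,
      body: { sessionId: rotateSession ? `sess-${i}` : 'sess-0', message: 'hi' },
    };
    if (originAllowed(req.headers.origin, allowedHosts) && cap.allow(req)) accepted++;
  }
  return accepted;
}

const ALLOWED = ['chat.example.com']; // constructed allowlist
const EMBED_MAX = 5;                   // constructed per-key request cap

function sessionKeyedCap() { return new RequestCap(EMBED_MAX, (r) => r.body.sessionId); }
function ipKeyedCap()      { return new RequestCap(EMBED_MAX, (r) => r.ip); }

// 1. Honest browser embed keeps one sessionId and is capped at 5 of 20.
function honestBrowser() {
  return replay({ requests: 20, cap: sessionKeyedCap(), allowedHosts: ALLOWED,
                  origin: 'https://chat.example.com', ip: '203.0.113.7', rotateSession: false });
}

// 2. Backend replay with forged Origin and rotating sessionId: allowlist
//    passes, session-keyed cap never trips, all 20 accepted.
function forgedOriginRotatingSession() {
  return replay({ requests: 20, cap: sessionKeyedCap(), allowedHosts: ALLOWED,
                  origin: 'https://chat.example.com', ip: '198.51.100.9', rotateSession: true });
}

// 3. Same attacker against an IP-keyed cap: rotation no longer helps, 5 of 20.
function forgedOriginIpCap() {
  return replay({ requests: 20, cap: ipKeyedCap(), allowedHosts: ALLOWED,
                  origin: 'https://chat.example.com', ip: '198.51.100.9', rotateSession: true });
}

// 4. A client that does not forge Origin is rejected by the allowlist.
function wrongOrigin() {
  return replay({ requests: 20, cap: sessionKeyedCap(), allowedHosts: ALLOWED,
                  origin: 'https://evil.example.net', ip: '198.51.100.9', rotateSession: false });
}

console.log(honestBrowser(), forgedOriginRotatingSession(), forgedOriginIpCap(), wrongOrigin());
// → 5 20 5 0
```

Scenario 2 is the replay described in the thread: the captured URL, headers and body are resent from a server, and nothing the client sends (Origin, sessionId) can be trusted. Scenario 3 shows what an IP-keyed cap buys and its limit: it stops one host from rotating sessions, but a source IP is also client-side from the server's point of view once proxies or a botnet are involved, and legitimate users behind one NAT share the same bucket.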

> This would just be CORS blocking from the Origin header, which of course can always be spoofed with tools like Burpsuite. The embed chat functionality was added because many people wanted to just expose something like this but we warn this in the embed config styleguide https://github.com/Mintplex-Labs/anything-llm/tree/master/embed#security
>
> I don't disagree with you that this is an annoyance and likely should not be enabled. Does the domain allowlist not improve this? https://github.com/Mintplex-Labs/anything-llm/blob/2fabc845789fb60f078c092fb6b5bd6aed1c3475/server/utils/middleware/embedMiddleware.js#L65
>
> It does not prevent a session ID rotation or replay. We could add an IP logger and restrict based on IP, but this still does not make that whole endpoint more robust, since all of these client-side things can be spoofed? I think that could be a good improvement though?

Yes, sir, you understand correctly just as you thought.

chalitbkb avatar May 13 '24 20:05 chalitbkb