From db856cd8433a204c8b45979c70a4da1e119d949d Mon Sep 17 00:00:00 2001
From: Shuchang Zheng
Date: Mon, 2 Jun 2025 23:03:49 -0700
Subject: [PATCH] fix jinja runtime leak (#2575)

---
 skyvern/forge/sdk/workflow/models/block.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/skyvern/forge/sdk/workflow/models/block.py b/skyvern/forge/sdk/workflow/models/block.py
index a90e6a17..a43799d1 100644
--- a/skyvern/forge/sdk/workflow/models/block.py
+++ b/skyvern/forge/sdk/workflow/models/block.py
@@ -20,7 +20,7 @@ from urllib.parse import quote
 import filetype
 import structlog
 from email_validator import EmailNotValidError, validate_email
-from jinja2 import Template
+from jinja2.sandbox import SandboxedEnvironment
 from playwright.async_api import Page
 from pydantic import BaseModel, Field
 from pypdf import PdfReader
@@ -77,6 +77,7 @@ from skyvern.webeye.browser_factory import BrowserState
 from skyvern.webeye.utils.page import SkyvernFrame
 
 LOG = structlog.get_logger()
+jinja_sandbox_env = SandboxedEnvironment()
 
 
 class BlockType(StrEnum):
@@ -184,7 +185,7 @@ class Block(BaseModel, abc.ABC):
     ) -> str:
         if not potential_template:
             return potential_template
-        template = Template(potential_template)
+        template = jinja_sandbox_env.from_string(potential_template)
         block_reference_data: dict[str, Any] = workflow_run_context.get_block_metadata(self.label)
         template_data = workflow_run_context.values.copy()
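Review bot: The new module-level `jinja_sandbox_env` is a process-wide singleton that every block render now goes through, but it carries no comment saying why a sandbox was chosen or what it does and does not guarantee; the file's own `LOG` uses constant-style naming, so `JINJA_SANDBOX_ENV = SandboxedEnvironment()` with a short note would match. I would add something like `# Templates appear to be workflow-authored (confirm); the sandbox blocks access to private/unsafe attributes but does not bound render time or output size`. `autoescape` is also left at the SandboxedEnvironment default (off), which is worth stating explicitly if any rendered value ever reaches HTML.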
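Review bot: Switching to `jinja_sandbox_env.from_string(...)` means this method (and the render that presumably follows outside the hunk) can now raise jinja2's `SecurityError` when a template reaches a disallowed attribute, on top of the `TemplateSyntaxError` the old `Template(...)` could already raise; nothing in the hunk handles either, so confirm the caller turns them into a block/workflow failure rather than an unhandled exception. Since `workflow_run_context.values.copy()` is a shallow copy, objects reachable from the context remain mutable from inside a template; if templates only need read access, `ImmutableSandboxedEnvironment` would close that off. The enclosing method starts and ends outside the hunk.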