Mitigations for potential security risks in template parameter

[Yuan325]

Prerequisites

• Search the current open issues

What are you trying to do that currently feels hard or impossible?

The addition of templateParameters is valuable for Toolbox users. However, since template parameters can directly replace identifiers, column names, and table names, they are prone to SQL injections.

Do note that basic parameters are always preferred for performance and safety reasons.

Suggested Solution(s)

We are proposing two solutions to mitigate this risk.

(1) Adding an escape field to template parameter. If user uses templateParameter with this field, we will add double quotes (or backticks/square brackets depending on the db) to escape identifiers such as column names or table names.

tools:
 select_columns_from_table:
    kind: postgres-sql
    source: my-pg-instance
    statement: SELECT * FROM {{.tableName}};
    description: Use this tool to list all information from a specific table.
    templateParameters:
      - name: tableName
        type: string
        description: Table to select from
        escape: true

In the example above, the statement will resolve to SELECT * FROM "flight_table";. This method does reduces some risks but still prone to SQL injections.

(2) Adding a new allowedValues field in templateParameters that allows users to provide an allow-list. In the example below, tableName could be either flights_table or tickets_table. Any other values provided will cause an error and the query will NOT be performed.

tools:
 select_columns_from_table:
    kind: postgres-sql
    source: my-pg-instance
    statement: SELECT * FROM {{.tableName}}
    description: Use this tool to list all information from a specific table.
    templateParameters:
      - name: tableName
        type: string
        description: Table to select from
        allowedValues:
          - flights_table
          - tickets_table

Alternatives Considered

(2a) adding a new enum parameter type. Similar to allowedValues, we will instead add a new parameter type enum:

    templateParameters:
      - name: tableName
        type: enum
        description: Table to select from.
        enumType: string
        values:
          - flights_table
          - tickets_table

With this type, user can provide a list of values. There's also potential to support retrieving an allow-list from the description.

(3) Adding a flag --allow-unsafe-tools if user wants to use the templateParameters. Without the flag, users WILL NOT be able to use tools that have templateParameters.

(4) Adding a field for user to indicate runSingleStatement. The field will default to false. When specified, Toolbox will only grab the first statement (the statement before the first ;).

tools:
 select_columns_from_table:
    kind: postgres-sql
    source: my-pg-instance
    statement: SELECT * FROM {{.tableName}}
    runSingleStatement: true
    description: Use this tool to list all information from a specific table.

Additional Details

No response

[duwenxin99]

I think adding an "allowedValues" field and making it required for template parameters is the best way to ensure security in our case. Allow list a standard measure to prevent SQL injections and by making it required, we make sure that users adopt this security measure 100%. Otherwise, the security still depends on user behavior (If they implement without the escape keyword or do not specify allowedValues). 

[AndrewBrook-Google]

It's helpful to distinguish between options that provide robust safety (like allowedValues) and those which only partially mitigate the risks of SQL injection (like escaping and running the first statement).

It's also worth noting that there may be some cases where a developer has a legitimate need for more flexibility but also has some other way of mitigating the risks.

We could meet both objectives by requiring that the user either use allowedValues or set the --allow-unsafe-tools flag. Escaping or running a single query might be useful additional protections but don't fully remove the risk the way allowedValues does.

[Yuan325]

I've opened another issue for potentially update the name of templateParameter to unsafeParameter #900.

For mitigating the potential security risk, the addition of a new enum type might be preferable. This will prevent us from making changes to the existing parameter types and making it easier to maintain or add new enum types in the future (e.g. date type).

The new enum type will be as follow:

templateParameter:
    - name: tableName
       type: enum
       description: table name.
       enumType: string # this will be one of { string / integer / float / boolean / array}
       allowedValues:
            - flights_table
            - tickets_table
    - name: escapedTableName
       type: enum
       description: table name.
       enumType: string # this will be one of { string / integer / float / boolean / array}
       escape: true
       allowedValues: * # support regex for allowedValues

Here, we introduce 3 new fields as compared to the regular parameters:

parameter name	type	required	description
enumType	string	true	This indicates the type of the value. Accepted values are string / integer / float / boolean / array .
escape	boolean	false	This indicates if the value will be escaped. For escaping, we will add double quotes (or backticks/square brackets depending on the db) to escape identifiers. This is defaulted to false.
allowedValues	[]string or string	true	We will check input value against this. User can either provide a list of possible values or regex.

Further discussion is needed to decide if we want to restrict templateParameter to enum types.