Skip to content

Security: Arbitrary Code Execution via Dynamic Class Loading#164

Open
tomaioo wants to merge 1 commit into
amazon-far:mainfrom
tomaioo:fix/security/arbitrary-code-execution-via-dynamic-cla
Open

Security: Arbitrary Code Execution via Dynamic Class Loading#164
tomaioo wants to merge 1 commit into
amazon-far:mainfrom
tomaioo:fix/security/arbitrary-code-execution-via-dynamic-cla

Conversation

@tomaioo

@tomaioo tomaioo commented Jul 14, 2026

Copy link
Copy Markdown

Summary

Security: Arbitrary Code Execution via Dynamic Class Loading

Problem

Severity: Critical | File: src/holosoma/holosoma/replay.py:L22

The get_class helper function is used to dynamically load environment classes based on the env_class string attribute from ExperimentConfig (e.g., in replay.py and eval_agent.py). If an attacker can control the env_class configuration value, they can specify an arbitrary class path, leading to the instantiation and execution of arbitrary Python code.

Solution

Restrict the env_class configuration attribute to a predefined set of allowed environment classes. Validate the string against this allowlist before attempting to dynamically load and instantiate the class.

Changes

  • src/holosoma/holosoma/replay.py (modified)

The `get_class` helper function is used to dynamically load environment classes based on the `env_class` string attribute from `ExperimentConfig` (e.g., in `replay.py` and `eval_agent.py`). If an attacker can control the `env_class` configuration value, they can specify an arbitrary class path, leading to the instantiation and execution of arbitrary Python code.

Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant