Merged
8 changes: 8 additions & 0 deletions Containerfile.c10s
Expand Up @@ -42,6 +42,7 @@ RUN dnf -y install --allowerasing \
&& dnf clean all

RUN pip3 install --no-cache-dir \
"litellm!=1.82.7,!=1.82.8" \
beeai-framework[vertexai,mcp,duckduckgo]==0.1.55 \
google-cloud-aiplatform \
openinference-instrumentation-beeai \
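Review bot: The added `"litellm!=1.82.7,!=1.82.8"` line is a denylist rather than a pin, so this build still resolves whatever litellm release is newest at build time, while `beeai-framework` directly below it is pinned with `==0.1.55`. Consider pinning litellm to a version you have vetted, or installing from a hash-checked requirements file with pip's `--require-hashes`, so that a later bad release cannot enter the image without a change to this file.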
Expand All @@ -51,6 +52,13 @@ RUN pip3 install --no-cache-dir \
pytest \
pytest-asyncio

# Verify no malicious litellm_init.pth was introduced by compromised litellm packages (e.g. 1.82.7, 1.82.8)
RUN MALICIOUS=$(find /usr /opt -name "litellm_init.pth" 2>/dev/null); \
if [ -n "$MALICIOUS" ]; then \
echo "SECURITY ALERT: malicious litellm_init.pth detected: $MALICIOUS"; \
exit 1; \
fi
Comment on lines +56 to +60
Contributor

medium

The error message when a malicious file is found could be improved for clarity and robustness. The current implementation with an unquoted $MALICIOUS variable can lead to garbled output if multiple files are found or if filenames contain spaces. It is also a good practice to redirect error messages to stderr (>&2).

RUN MALICIOUS=$(find /usr /opt -name "litellm_init.pth" 2>/dev/null); \
    if [ -n "$MALICIOUS" ]; then \
      echo "SECURITY ALERT: malicious litellm_init.pth detected:" >&2; \
      echo "$MALICIOUS" >&2; \
      exit 1; \
    fi

Member Author

Thanks Gemini but you are just picking nits here, I'm not applying that to all occurrences, sorry


# Create user
RUN useradd -m -G wheel beeai
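Review bot: The check on the `RUN MALICIOUS=$(find /usr /opt ...)` line fails open: stderr from `find` is discarded with `2>/dev/null` and its exit status is never tested because the commands are joined with `;`, so if `find` itself errors out the variable is empty and the build continues as if the image were clean. Consider dropping `2>/dev/null`, or testing find's exit status before the `[ -n "$MALICIOUS" ]` test, so that a scan that could not run also stops the build.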

8 changes: 8 additions & 0 deletions Containerfile.c9s
Expand Up @@ -44,6 +44,7 @@ RUN dnf -y install --allowerasing \
RUN python3.11 -m venv --system-site-packages /opt/beeai-venv \
&& /opt/beeai-venv/bin/pip install --upgrade pip \
&& /opt/beeai-venv/bin/pip install --no-cache-dir \
"litellm!=1.82.7,!=1.82.8" \
beeai-framework[vertexai,mcp,duckduckgo]==0.1.55 \
google-cloud-aiplatform \
openinference-instrumentation-beeai \
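Review bot: The specifier `"litellm!=1.82.7,!=1.82.8"` added here is the same literal this change also adds to the other Containerfiles and to pyproject.toml, so excluding one more release means editing every copy in step. Consider keeping the exclusion in a single constraints file passed with `pip install -c`, and have each image install against it.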
Expand All @@ -52,6 +53,13 @@ RUN python3.11 -m venv --system-site-packages /opt/beeai-venv \
specfile \
koji

# Verify no malicious litellm_init.pth was introduced by compromised litellm packages (e.g. 1.82.7, 1.82.8)
RUN MALICIOUS=$(find /usr /opt -name "litellm_init.pth" 2>/dev/null); \
if [ -n "$MALICIOUS" ]; then \
echo "SECURITY ALERT: malicious litellm_init.pth detected: $MALICIOUS"; \
exit 1; \
fi
Comment on lines +57 to +61
Contributor

medium

The error message when a malicious file is found could be improved for clarity and robustness. The current implementation with an unquoted $MALICIOUS variable can lead to garbled output if multiple files are found or if filenames contain spaces. It is also a good practice to redirect error messages to stderr (>&2).

RUN MALICIOUS=$(find /usr /opt -name "litellm_init.pth" 2>/dev/null); \
    if [ -n "$MALICIOUS" ]; then \
      echo "SECURITY ALERT: malicious litellm_init.pth detected:" >&2; \
      echo "$MALICIOUS" >&2; \
      exit 1; \
    fi


# Make venv Python the default
ENV PATH=/opt/beeai-venv/bin:$PATH
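Review bot: The comment above the check names the affected releases only as "e.g. 1.82.7, 1.82.8" and gives no reference, which leaves a later reader unable to tell whether the list is complete or when the check can be removed. Consider linking the upstream advisory or issue in that comment.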

8 changes: 8 additions & 0 deletions Containerfile.c9s-tests
Expand Up @@ -24,6 +24,7 @@ RUN dnf -y install --allowerasing \
RUN python3.11 -m venv --system-site-packages /opt/beeai-venv \
&& /opt/beeai-venv/bin/pip install --upgrade pip \
&& /opt/beeai-venv/bin/pip install --no-cache-dir \
"litellm!=1.82.7,!=1.82.8" \
beeai-framework[vertexai,mcp,duckduckgo]==0.1.55 \
openinference-instrumentation-beeai \
arize-phoenix-otel \
Expand All @@ -37,6 +38,13 @@ RUN python3.11 -m venv --system-site-packages /opt/beeai-venv \
GitPython \
tomli-w

# Verify no malicious litellm_init.pth was introduced by compromised litellm packages (e.g. 1.82.7, 1.82.8)
RUN MALICIOUS=$(find /usr /opt -name "litellm_init.pth" 2>/dev/null); \
if [ -n "$MALICIOUS" ]; then \
echo "SECURITY ALERT: malicious litellm_init.pth detected: $MALICIOUS"; \
exit 1; \
fi
Comment on lines +42 to +46
Contributor

medium

The error message when a malicious file is found could be improved for clarity and robustness. The current implementation with an unquoted $MALICIOUS variable can lead to garbled output if multiple files are found or if filenames contain spaces. It is also a good practice to redirect error messages to stderr (>&2).

RUN MALICIOUS=$(find /usr /opt -name "litellm_init.pth" 2>/dev/null); \
    if [ -n "$MALICIOUS" ]; then \
      echo "SECURITY ALERT: malicious litellm_init.pth detected:" >&2; \
      echo "$MALICIOUS" >&2; \
      exit 1; \
    fi


# Make venv Python the default
ENV PATH=/opt/beeai-venv/bin:$PATH

8 changes: 8 additions & 0 deletions Containerfile.supervisor
Expand Up @@ -26,6 +26,7 @@ RUN dnf -y install --allowerasing \
gcc-c++ \
python3-devel \
&& pip3 install -v --no-cache-dir \
"litellm!=1.82.7,!=1.82.8" \
beeai-framework[vertexai,mcp,duckduckgo]==0.1.55 \
google-cloud-aiplatform \
openinference-instrumentation-beeai \
Expand All @@ -35,6 +36,13 @@ RUN dnf -y install --allowerasing \
&& dnf -y remove gcc gcc-c++ python3-devel \
&& dnf clean all

# Verify no malicious litellm_init.pth was introduced by compromised litellm packages (e.g. 1.82.7, 1.82.8)
RUN MALICIOUS=$(find /usr /opt -name "litellm_init.pth" 2>/dev/null); \
if [ -n "$MALICIOUS" ]; then \
echo "SECURITY ALERT: malicious litellm_init.pth detected: $MALICIOUS"; \
exit 1; \
fi
Comment on lines +40 to +44
Contributor

medium

The error message when a malicious file is found could be improved for clarity and robustness. The current implementation with an unquoted $MALICIOUS variable can lead to garbled output if multiple files are found or if filenames contain spaces. It is also a good practice to redirect error messages to stderr (>&2).

RUN MALICIOUS=$(find /usr /opt -name "litellm_init.pth" 2>/dev/null); \
    if [ -n "$MALICIOUS" ]; then \
      echo "SECURITY ALERT: malicious litellm_init.pth detected:" >&2; \
      echo "$MALICIOUS" >&2; \
      exit 1; \
    fi


# Create user
RUN useradd -m -G wheel beeai
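Review bot: The `litellm_init.pth` scan comes too late in this file: the preceding RUN goes on to run `dnf -y remove gcc gcc-c++ python3-devel` and `dnf clean all` after `pip3 install`, and a `.pth` file in site-packages is processed at every Python interpreter startup. If dnf in this image runs on the interpreter that pip3 installed into, a dropped `litellm_init.pth` would already have been loaded during the build before the check reports it. Consider moving the check into the same RUN, directly after `pip3 install` and before the dnf commands.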

8 changes: 8 additions & 0 deletions Containerfile.tests
Expand Up @@ -30,7 +30,15 @@ ENV PYTHONPATH=/src:$PYTHONPATH

# Install BeeAI Framework and FastMCP
RUN pip3 install --no-cache-dir \
"litellm!=1.82.7,!=1.82.8" \
beeai-framework[vertexai,mcp,duckduckgo]==0.1.55 \
fastmcp redis backoff

# Verify no malicious litellm_init.pth was introduced by compromised litellm packages (e.g. 1.82.7, 1.82.8)
RUN MALICIOUS=$(find /usr /opt -name "litellm_init.pth" 2>/dev/null); \
if [ -n "$MALICIOUS" ]; then \
echo "SECURITY ALERT: malicious litellm_init.pth detected: $MALICIOUS"; \
exit 1; \
fi
Comment on lines +38 to +42
Contributor

medium

The error message when a malicious file is found could be improved for clarity and robustness. The current implementation with an unquoted $MALICIOUS variable can lead to garbled output if multiple files are found or if filenames contain spaces. It is also a good practice to redirect error messages to stderr (>&2).

RUN MALICIOUS=$(find /usr /opt -name "litellm_init.pth" 2>/dev/null); \
    if [ -n "$MALICIOUS" ]; then \
      echo "SECURITY ALERT: malicious litellm_init.pth detected:" >&2; \
      echo "$MALICIOUS" >&2; \
      exit 1; \
    fi


WORKDIR /src
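Review bot: The five-line `RUN MALICIOUS=$(find ...)` block added after the install is a verbatim copy of the one added to the other four Containerfiles, so any fix to the check has to be repeated in each file. Consider moving it into one script that each image copies in and runs.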
1 change: 1 addition & 0 deletions pyproject.toml
Expand Up @@ -13,6 +13,7 @@ readme = "README.md"
requires-python = ">=3.13,<3.14"
# we are installing bee 0.1.55 in containers now
dependencies = [
"litellm!=1.82.7,!=1.82.8",
"aiohttp>=3.12.15",
"aiofiles>=24.1.0",
"arize-phoenix-otel>=0.13.0",
Expand Down
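Review bot: The new `"litellm!=1.82.7,!=1.82.8",` entry in `dependencies` carries no explanation, unlike the Containerfile changes, which add a comment naming the compromised releases; the only comment nearby is about bee 0.1.55. Consider adding a one-line comment above the entry saying why these two versions are excluded.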