Add workflows, init commit #218

Open: wants to merge 3 commits into base: main


Adityav369 (Collaborator)

No description provided.

jazzberry-ai bot commented Jun 23, 2025

Bug Report

| Name | Severity | Example test case | Description |
| --- | --- | --- | --- |
| Injection vulnerability in `apply_instruction.py` | High | Create a document with malicious content and use a prompt template to trigger code execution by the LLM. | The `apply_instruction` action is susceptible to prompt injection, allowing malicious users to execute code via the LLM. |
| Data loss in `save_to_metadata.py` with top-level merge and non-dict data | Medium | Create a document with initial metadata, run a workflow that returns a string, and use `save_to_metadata` with `merge_mode` set to "top_level" without specifying a `metadata_key`. | When `merge_mode` is "top_level" and the data is not a dict, existing metadata can be overwritten. |
| Concurrency issue during workflow execution for same document | Medium | Simultaneously trigger the same workflow on the same document twice. | A race condition allows multiple workflow runs to be created for the same document. |
| SQL injection in folder-workflow association queries | High | Inject malicious SQL into the `workflow_ids` array when associating/disassociating workflows with folders. | The SQL queries used to update folder workflow associations are susceptible to SQL injection. |
| Document service: potential infinite loop in `_ensure_folder_exists` | Medium | Configure folder creation to always fail and ingest a document with `folder_name`. | The `_ensure_folder_exists` function could lead to an infinite loop if folder creation repeatedly fails. |

Comments? Email us.

jazzberry-ai bot commented Jun 24, 2025

Bug Report

| Name | Severity | Example test case | Description |
| --- | --- | --- | --- |
| SQL Injection in `delete_workflow` | High | `workflow_id = "123'; DROP TABLE users; --"` | The `delete_workflow` method in `core/database/postgres_database.py` is vulnerable to SQL injection because it directly substitutes the `workflow_id` into the SQL query used to remove the workflow from folders. A malicious user could exploit this vulnerability to execute arbitrary SQL code, potentially compromising the database. |

jazzberry-ai bot commented Jun 24, 2025

Bug Report

| Name | Severity | Example test case | Description |
| --- | --- | --- | --- |
| Incorrect Context Propagation in Workflow Execution | High | Add a document to a folder with an associated workflow. | The workflow might fail to execute because the `asyncio.create_task` call in `_queue_folder_workflows` does not propagate the request context, leading to issues accessing the database and other request-scoped dependencies. |
