Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
curuinor 6 days ago

hey, this is Howon from CodeRabbit here. we wish to note that this RCE was reported and fixed in January. it was entirely prospective and no customer data was affected. we have extensive sandboxing for basically any execution of anything now, including any and every tool and all generated code of any kind under the CodeRabbit umbrella.

if you want to learn how CodeRabbit does the isolation, here's a blog post about how: https://cloud.google.com/blog/products/ai-machine-learning/h...

mpeg 6 days ago | parent | next [-]

Where can we find the blog post you made back in January about the RCE fix explaining what measures you took to check if any customer data had been affected?

cleverwebb 6 days ago | parent | prev | next [-]

how do you know that no customer data was affected? did you work with github and scan all uses of your keys? how do you know if a use of your github key was authentic or not? did you check with anthroipic/openai/etc to scan logs usage?

It's really hard to trust a "hey we got this guys" statement after a fuckup this big

Xunjin 6 days ago | parent [-]

That's why countries should start to legislate on these matters, there are no incentives in focusing on security and properly report to the customers such vulnerability.

thyrfa 6 days ago | parent | prev | next [-]

How can you guarantee that nobody ripped the private key before the researcher told you about the issue though?

KingOfCoders 6 days ago | parent | next [-]

Or has a backdoor installed somewhere?

blibble 6 days ago | parent | prev [-]

if they can't guarantee this then every single repo that had coderabbit is potentially compromised

frankfrank13 6 days ago | parent | prev | next [-]

Reading this, its not clear how your blog posts relates:

1. You run git clone inside the GCR function, so, you have at the very least a user token for the git provider

2. RCE exploit basically used the external tools, like a static analysis checker, which again, is inside your GCR function

3. As a contrived example, if I could RCE `console.log(process.env)` then seemingly I could do `fetch(mywebsite....`

I get it, you can hand wave some amount of "VPC" and "sandbox" here. But, you're still executing code, explicitly labeling it "untrusted" and "sandboxed" doesn't excuse it.

progbits 6 days ago | parent | prev | next [-]

> no customer data was affected

Someone could have taken the private github key and cloned your customers' private repos.

You would need to audit every single access to github made via your app since the beginning and link it somehow to your side. Did you do this?

yunohn 6 days ago | parent | prev | next [-]

While I fully understand that things sometimes get missed, it just seems really bizarre to me that somehow “sandboxing/isolation” was never considered prior to this incident. To me, it feels like the first thing to implement in a system that is explicitly built to run third party untrusted code?

wging 6 days ago | parent | next [-]

The article seems to imply that something of the sort had actually been attempted prior to the incident, but was either incomplete or buggy. I'm not sure the details would be entirely exculpatory, but unless you want to flatly disbelieve their statements, "not considered" isn't quite right.

> After responsibly disclosing this critical vulnerability to the CodeRabbit team, we learned from them that they had an isolation mechanism in place, but Rubocop somehow was not running inside it.

roywiggins 6 days ago | parent | prev [-]

It seems to me that they thought the linter would be safe to run as it wasn't meant to actually run untrusted code, just statically analyze it.

elpakal 6 days ago | parent | prev | next [-]

> Sandboxing: All Cloud Run instances are sandboxed with two layers of sandboxing and can be configured to have minimal IAM permissions via dedicated service identity. In addition, CodeRabbit is leveraging Cloud Run's second generation execution environment, a microVM providing full Linux cgroup functionality. Within each Cloud Run instance, CodeRabbit uses Jailkit to create isolated processes and cgroups to further restrict the privileges of the jailed process.

In case you don't want to read through the PR

0x457 6 days ago | parent [-]

I don't get it, if you're running on linux then just use Landlock LSM inside a VM.

KingOfCoders 6 days ago | parent | prev | next [-]

The chuzpe to use this as PR.

woodruffw 6 days ago | parent | next [-]

Off topic, but: chutzpah is the conventional English spelling :-)

Edit: I'm this old when I learned that Germans spell it "chuzpe."

KingOfCoders 5 days ago | parent [-]

I'm this old to learn that the Yiddish spelling is chutzpe with a `T` (thought it would be Chuzpe).

Xunjin 6 days ago | parent | prev [-]

Silicon Valley sitcom comedy moment right here.

tadfisher 6 days ago | parent | prev | next [-]

But do you still store your GH API private key in environment variables?

curuinor 6 days ago | parent [-]

hey, this is Howon from CodeRabbit. We use a cloud-provider-provided key vault for application secrets, including GH private key.

musicnarcoman 6 days ago | parent | next [-]

So the CodeRabbit application with access to application secrets still runs in the same virtual machine as untrusted code from the outside?

megamorf 5 days ago | parent | prev [-]

Howon, you can stop posting that canned response. It's not helping the discussion in any way and matches the lack of detail the other commenters have pointed out.

smsm42 6 days ago | parent | prev | next [-]

The word "now" here is kinda worrying tbh. How was it a good idea to release and sell this product before it has been the case?

jsbg 6 days ago | parent | prev [-]

wild to comment this