fix(blocks, security): Fixes for various DoS vulnerabilities (#10798)

This PR addresses multiple critical and medium security vulnerabilities
that could lead to Denial of Service (DoS) attacks. All fixes implement
defense-in-depth strategies with comprehensive testing.

### Changes 🏗️

#### **Critical Security Fixes:**

1. **GHSA-m2wr-7m3r-p52c - ReDoS in CodeExtractionBlock** 
- Fixed catastrophic backtracking in regex patterns `\s+[\s\S]*?` and
`\s+(.*?)`
   - Replaced with safer patterns: `[ \t]*\n([^\s\S]*?)`
   - Files: `backend/blocks/code_extraction_block.py`

2. **GHSA-955p-gpfx-r66j - AITextSummarizerBlock Memory Amplification**
   - Added 1MB text size limit and 100 chunk maximum
   - Prevents 10K input → 50G memory amplification attacks
   - Files: `backend/blocks/llm.py`

3. **GHSA-5cqw-g779-9f9x - RSS Feed XML Bomb DoS**
   - Added 10MB feed size limit and 30s timeout
   - Prevents deep XML parsing memory exhaustion
   - Files: `backend/blocks/rss.py`

4. **GHSA-7g34-7fvq-xxq6 - File Storage Disk Exhaustion**
   - Added 100MB per file and 1GB per execution directory limits
   - Prevents disk space exhaustion from file uploads
   - Files: `backend/util/file.py`

5. **GHSA-pppq-xx2w-7jpq - ExtractTextInformationBlock ReDoS**
   - Added 1MB text limit, 1000 match limit, and 5s timeout protection
   - Prevents lookahead pattern memory exhaustion
   - Files: `backend/blocks/text.py`

6. **GHSA-vw3v-whvp-33v5 - Docker Logging Disk Exhaustion**
- Added log rotation limits at Docker (10MB × 3 files) and application
levels
   - Prevents unbounded log growth causing disk exhaustion
- Files: `docker-compose.platform.yml`,
`autogpt_libs/autogpt_libs/logging/config.py`

#### **Additional Security Improvements:**

7. **StepThroughItemsBlock DoS Prevention**
   - Added 10,000 item limit and 1MB input size limit
   - Prevents large iteration DoS attacks
   - Files: `backend/blocks/iteration.py`

8. **XMLParserBlock XML Bomb Prevention**
   - Added 10MB XML input size limit
   - Files: `backend/blocks/xml_parser.py`

#### **Code Quality:**
- Fixed Python 3.10 typing compatibility issues
- Added comprehensive security test suite
- All code formatted and linted

### Checklist 📋

#### For code changes:
- [x] I have clearly listed my changes in the PR description
- [x] I have made a test plan
- [x] I have tested my changes according to the test plan:
- [x] Created comprehensive security test suite covering all
vulnerabilities
  - [x] Verified ReDoS patterns are fixed and don't cause timeouts
  - [x] Confirmed memory limits prevent amplification attacks
  - [x] Tested file size limits prevent disk exhaustion
  - [x] Validated log rotation prevents unbounded growth
  - [x] Ensured backward compatibility for normal usage

#### For configuration changes:
- [x] `docker-compose.yml` is updated with logging limits
- [x] I have included a list of my configuration changes in the PR
description (under **Changes**)

### Test Plan 🧪

**Security Tests:**
1. **ReDoS Protection**: Tested with malicious regex inputs (large
spaces) - completes without hanging
2. **Memory Limits**: Verified 2MB text input gets truncated to 1MB,
chunk limits enforced
3. **File Size Limits**: Confirmed 200MB files rejected, directory size
limits enforced
4. **Iteration Limits**: Tested 20K item arrays rejected, large JSON
strings rejected
5. **Timeout Protection**: Dangerous regex patterns timeout after 5s
instead of hanging

**Compatibility Tests:**
- Normal functionality preserved for all blocks
- Existing tests pass with new security limits
- Performance impact minimal for typical usage

### Security Impact 🛡️

**Before:** Multiple attack vectors could cause:
- CPU exhaustion (ReDoS attacks)
- Memory exhaustion (amplification attacks)  
- Disk exhaustion (file/log bombs)
- Service unavailability

**After:** All attack vectors mitigated with:
- Input validation and size limits
- Timeout protections
- Resource quotas
- Defense-in-depth approach

All fixes maintain backward compatibility while preventing DoS attacks.

🤖 Generated with [Claude Code](https://claude.ai/code)

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> Adds robust DoS protections across blocks (regex, memory, iteration,
XML/RSS, file I/O) and enables app/Docker log rotation with
comprehensive tests.
> 
> - **Security hardening**:
> - Replace unsafe regex in `backend/blocks/code_extraction_block.py` to
prevent ReDoS; add safer extraction/removal patterns.
> - Constrain LLM summarizer chunking in `backend/blocks/llm.py` (1MB
cap, chunk/overlap validation, chunk count limit).
> - Limit RSS fetching in `backend/blocks/rss.py` (scheme validation,
10MB cap, timeout, bounded read) and return empty on failure.
>   - Impose XML size limit (10MB) in `backend/blocks/xml_parser.py`.
> - Add file upload/download limits in `backend/util/file.py`
(100MB/file, 1GB dir quota) and enforce scanning before write.
> - Enable rotating file logs in `autogpt_libs/logging/config.py` (size
+ backups) and Docker json-file log rotation in
`docker-compose.platform.yml`.
> - **Iteration block**:
> - Add item count/string size limits; fix yielded key for dicts; cap
iterations in `backend/blocks/iteration.py`.
> - **Tests**:
> - New `backend/blocks/test/test_security_fixes.py` covering ReDoS,
timeouts, memory/size and iteration limits, XML/file constraints.
> - **Misc**:
> - Typing fallback for `NotRequired` in `activity_status_generator.py`.
>   - Dependency updates in `backend/poetry.lock`.
> 
> <sup>Written by [Cursor
Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit
500e157. This will update automatically
on new commits. Configure
[here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

---------

Co-authored-by: Claude <[email protected]>
Co-authored-by: Nicholas Tindle <[email protected]>
Co-authored-by: claude[bot] <41898282+claude[bot]@users.noreply.github.com>
Co-authored-by: Nicholas Tindle <[email protected]>
Co-authored-by: Zamil Majdy <[email protected]>
Co-authored-by: Reinier van der Leer <[email protected]>
Co-authored-by: Reinier van der Leer <[email protected]>

Author: 5 people

autogpt_platform/autogpt_libs/autogpt_libs/logging/config.py

@@ -4,6 +4,7 @@
 import os
 import socket
 import sys
+from logging.handlers import RotatingFileHandler
 from pathlib import Path
 
 from pydantic import Field, field_validator
@@ -139,8 +140,13 @@ def configure_logging(force_cloud_logging: bool = False) -> None:
         print(f"Log directory: {config.log_dir}")
 
         # Activity log handler (INFO and above)
-        activity_log_handler = logging.FileHandler(
-            config.log_dir / LOG_FILE, "a", "utf-8"
+        # Security fix: Use RotatingFileHandler with size limits to prevent disk exhaustion
+        activity_log_handler = RotatingFileHandler(
+            config.log_dir / LOG_FILE,
+            mode="a",
+            encoding="utf-8",
+            maxBytes=10 * 1024 * 1024,  # 10MB per file
+            backupCount=3,  # Keep 3 backup files (40MB total)
         )
         activity_log_handler.setLevel(config.level)
         activity_log_handler.setFormatter(
@@ -150,8 +156,13 @@ def configure_logging(force_cloud_logging: bool = False) -> None:
 
         if config.level == logging.DEBUG:
             # Debug log handler (all levels)
-            debug_log_handler = logging.FileHandler(
-                config.log_dir / DEBUG_LOG_FILE, "a", "utf-8"
+            # Security fix: Use RotatingFileHandler with size limits
+            debug_log_handler = RotatingFileHandler(
+                config.log_dir / DEBUG_LOG_FILE,
+                mode="a",
+                encoding="utf-8",
+                maxBytes=10 * 1024 * 1024,  # 10MB per file
+                backupCount=3,  # Keep 3 backup files (40MB total)
             )
             debug_log_handler.setLevel(logging.DEBUG)
             debug_log_handler.setFormatter(
@@ -160,8 +171,13 @@ def configure_logging(force_cloud_logging: bool = False) -> None:
             log_handlers.append(debug_log_handler)
 
         # Error log handler (ERROR and above)
-        error_log_handler = logging.FileHandler(
-            config.log_dir / ERROR_LOG_FILE, "a", "utf-8"
+        # Security fix: Use RotatingFileHandler with size limits
+        error_log_handler = RotatingFileHandler(
+            config.log_dir / ERROR_LOG_FILE,
+            mode="a",
+            encoding="utf-8",
+            maxBytes=10 * 1024 * 1024,  # 10MB per file
+            backupCount=3,  # Keep 3 backup files (40MB total)
         )
         error_log_handler.setLevel(logging.ERROR)
         error_log_handler.setFormatter(AGPTFormatter(DEBUG_LOG_FORMAT, no_color=True))

autogpt_platform/backend/backend/blocks/code_extraction_block.py

@@ -90,7 +90,7 @@ async def run(self, input_data: Input, **kwargs) -> BlockOutput:
                 for aliases in language_aliases.values()
                 for alias in aliases
             )
-            + r")\s+[\s\S]*?```"
+            + r")[ \t]*\n[\s\S]*?```"
         )
 
         remaining_text = re.sub(pattern, "", input_data.text).strip()
@@ -103,7 +103,9 @@ def extract_code(self, text: str, language: str) -> str:
         # Escape special regex characters in the language string
         language = re.escape(language)
         # Extract all code blocks enclosed in ```language``` blocks
-        pattern = re.compile(rf"```{language}\s+(.*?)```", re.DOTALL | re.IGNORECASE)
+        pattern = re.compile(
+            rf"```{language}[ \t]*\n(.*?)\n```", re.DOTALL | re.IGNORECASE
+        )
         matches = pattern.finditer(text)
         # Combine all code blocks for this language with newlines between them
         code_blocks = [match.group(1).strip() for match in matches]

autogpt_platform/backend/backend/blocks/iteration.py

@@ -54,20 +54,43 @@ def __init__(self):
         )
 
     async def run(self, input_data: Input, **kwargs) -> BlockOutput:
+        # Security fix: Add limits to prevent DoS from large iterations
+        MAX_ITEMS = 10000  # Maximum items to iterate
+        MAX_ITEM_SIZE = 1024 * 1024  # 1MB per item
+
         for data in [input_data.items, input_data.items_object, input_data.items_str]:
             if not data:
                 continue
+
+            # Limit string size before parsing
             if isinstance(data, str):
+                if len(data) > MAX_ITEM_SIZE:
+                    raise ValueError(
+                        f"Input too large: {len(data)} bytes > {MAX_ITEM_SIZE} bytes"
+                    )
                 items = json.loads(data)
             else:
                 items = data
+
+            # Check total item count
+            if isinstance(items, (list, dict)):
+                if len(items) > MAX_ITEMS:
+                    raise ValueError(f"Too many items: {len(items)} > {MAX_ITEMS}")
+
+            iteration_count = 0
             if isinstance(items, dict):
                 # If items is a dictionary, iterate over its values
-                for item in items.values():
-                    yield "item", item
-                    yield "key", item
+                for key, value in items.items():
+                    if iteration_count >= MAX_ITEMS:
+                        break
+                    yield "item", value
+                    yield "key", key  # Fixed: should yield key, not item
+                    iteration_count += 1
             else:
                 # If items is a list, iterate over the list
                 for index, item in enumerate(items):
+                    if iteration_count >= MAX_ITEMS:
+                        break
                     yield "item", item
                     yield "key", index
+                    iteration_count += 1

autogpt_platform/backend/backend/blocks/llm.py

@@ -1404,11 +1404,27 @@ async def _run(
 
     @staticmethod
     def _split_text(text: str, max_tokens: int, overlap: int) -> list[str]:
+        # Security fix: Add validation to prevent DoS attacks
+        # Limit text size to prevent memory exhaustion
+        MAX_TEXT_LENGTH = 1_000_000  # 1MB character limit
+        MAX_CHUNKS = 100  # Maximum number of chunks to prevent excessive memory use
+
+        if len(text) > MAX_TEXT_LENGTH:
+            text = text[:MAX_TEXT_LENGTH]
+
+        # Ensure chunk_size is at least 1 to prevent infinite loops
+        chunk_size = max(1, max_tokens - overlap)
+
+        # Ensure overlap is less than max_tokens to prevent invalid configurations
+        if overlap >= max_tokens:
+            overlap = max(0, max_tokens - 1)
+
         words = text.split()
         chunks = []
-        chunk_size = max_tokens - overlap
 
         for i in range(0, len(words), chunk_size):
+            if len(chunks) >= MAX_CHUNKS:
+                break  # Limit the number of chunks to prevent memory exhaustion
             chunk = " ".join(words[i : i + max_tokens])
             chunks.append(chunk)
 

autogpt_platform/backend/backend/blocks/rss.py

@@ -1,4 +1,7 @@
 import asyncio
+import logging
+import urllib.parse
+import urllib.request
 from datetime import datetime, timedelta, timezone
 from typing import Any
 
@@ -101,7 +104,38 @@ def __init__(self):
 
     @staticmethod
     def parse_feed(url: str) -> dict[str, Any]:
-        return feedparser.parse(url)  # type: ignore
+        # Security fix: Add protection against memory exhaustion attacks
+        MAX_FEED_SIZE = 10 * 1024 * 1024  # 10MB limit for RSS feeds
+
+        # Validate URL
+        parsed_url = urllib.parse.urlparse(url)
+        if parsed_url.scheme not in ("http", "https"):
+            raise ValueError(f"Invalid URL scheme: {parsed_url.scheme}")
+
+        # Download with size limit
+        try:
+            with urllib.request.urlopen(url, timeout=30) as response:
+                # Check content length if available
+                content_length = response.headers.get("Content-Length")
+                if content_length and int(content_length) > MAX_FEED_SIZE:
+                    raise ValueError(
+                        f"Feed too large: {content_length} bytes exceeds {MAX_FEED_SIZE} limit"
+                    )
+
+                # Read with size limit
+                content = response.read(MAX_FEED_SIZE + 1)
+                if len(content) > MAX_FEED_SIZE:
+                    raise ValueError(
+                        f"Feed too large: exceeds {MAX_FEED_SIZE} byte limit"
+                    )
+
+                # Parse with feedparser using the validated content
+                # feedparser has built-in protection against XML attacks
+                return feedparser.parse(content)  # type: ignore
+        except Exception as e:
+            # Log error and return empty feed
+            logging.warning(f"Failed to parse RSS feed from {url}: {e}")
+            return {"entries": []}
 
     async def run(self, input_data: Input, **kwargs) -> BlockOutput:
         keep_going = True