vulnhuntr：基于大语言模型和静态代码分析的漏洞扫描与分析工具

docker build -t vulnhuntr https://github.com/protectai/vulnhuntr.git#main

pipx install git+https://github.com/protectai/vulnhuntr.git --python python3.10

git clone https://github.com/protectai/vulnhuntrcd vulnhuntr && poetry install

usage: vulnhuntr [-h] -r ROOT [-a ANALYZE] [-l {claude,gpt,ollama}] [-v]Analyze a GitHub project for vulnerabilities. Export your ANTHROPIC_API_KEY/OPENAI_API_KEY before running.options:  -h, --help             显示工具帮助信息和退出  -r ROOT, --root ROOT  项目根目录的路径  -a ANALYZE, --analyze ANALYZE                        项目中要分析的特定路径或文件  -l {claude,gpt,ollama}, --llm {claude,gpt,ollama}                        要使用的LLM客户端（默认：claude）  -v, --verbosity       增加输出的详细程度（-v表示INFO，-vv表示DEBUG）

export ANTHROPIC_API_KEY="sk-1234"vulnhuntr -r /path/to/target/repo/

export OPENAI_API_KEY="sk-1234"vulnhuntr -r /path/to/target/repo/ -a server.py -l gpt

docker run --rm -e ANTHROPIC_API_KEY=sk-1234 -e ANTHROPIC_BASE_URL=https://localhost:1234/api -v /local/path/to/target/repo:/repo vulnhuntr:latest -r /repo -a repo-subfolder/target-file.py

scratchpad:Analyzing the add_llm function in llm_app.py. 2. Identified user input used as keys to access dictionaries: EmbeddingModel, ChatModel, RerankModel,CvModel, and TTSModel. 3. These dictionaries contain class references, which are instantiated with user-supplied parameters. 4. The factory variable isdirectly used from user input (req['llm_factory']) without proper validation. 5. The llm_name is also derived from user input in most cases. 6. Theinstantiation of these classes occurs in try-except blocks, but exceptions are only used for error messages, not preventing execution. 7. The api_keyand other sensitive information are passed directly to these instantiated classes. 8. There's no comprehensive input validation or sanitization for thefactory or llm_name variables. 9. The vulnerability is in a route decorated with @login_required, indicating it's accessible to authenticated users. 10.Reviewing the EmbeddingModel, ChatModel, RerankModel, CvModel, and TTSModel dictionaries to understand their contents and potential for exploitation.----------------------------------------analysis:  The add_llm function in llm_app.py contains a critical Remote Code Execution (RCE) vulnerability. The function uses user-supplied input(req['llm_factory'] and req['llm_name']) to dynamically instantiate classes from the EmbeddingModel, ChatModel, RerankModel, CvModel, and TTSModeldictionaries. This pattern of using user input as a key to access and instantiate classes is inherently dangerous, as it allows an attacker topotentially execute arbitrary code. The vulnerability is exacerbated by the lack of comprehensive input validation or sanitization on theseuser-supplied values. While there are some checks for specific factory types, they are not exhaustive and can be bypassed. An attacker could potentiallyprovide a malicious value for 'llm_factory' that, when used as an index to these model dictionaries, results in the execution of arbitrary code. Thevulnerability is particularly severe because it occurs in a route decorated with @login_required, suggesting it's accessible to authenticated users,which might give a false sense of security.----------------------------------------poc:  POST /add_llm HTTP/1.1  Host: target.com  Content-Type: application/json  Authorization: Bearer <valid_token>  {      "llm_factory": "__import__('os').system",      "llm_name": "id",      "model_type": "EMBEDDING",      "api_key": "dummy_key"  }  This payload attempts to exploit the vulnerability by setting 'llm_factory' to a string that, when evaluated, imports the os module and calls system.The 'llm_name' is set to 'id', which would be executed as a system command if the exploit is successful.----------------------------------------confidence_score:  8----------------------------------------vulnerability_types:  - RCE----------------------------------------