
Commit 16f43e5

committed
fix: sanitize hashModes input and use parameterized SQL in capability predicate
Filter hashModes to finite integers only (dropping NaN, Infinity, non-numeric strings) and replace sql.raw() interpolation with parameterized array binding in buildCapabilityPredicate. Hardens the DB-level capability matching against malformed agent capability payloads. Signed-off-by: UncleSp1d3r <unclesp1d3r@evilbitlabs.io>
1 parent 299d75a commit 16f43e5

1 file changed

Lines changed: 7 additions & 3 deletions


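--- a/packages/backend/src/services/tasks.ts
+++ b/packages/backend/src/services/tasks.ts
@@ -97,7 +97,11 @@ export async function generateTasksForAttack(
 */
 function buildCapabilityPredicate(agentCaps: Record<string, unknown>): SQL {
 const hasGpu = agentCaps['gpu'] === true;
-const hashModes = Array.isArray(agentCaps['hashModes']) ? agentCaps['hashModes'] : [];
+const rawHashModes = Array.isArray(agentCaps['hashModes']) ? agentCaps['hashModes'] : [];
+// Sanitize to finite integers only — NaN, Infinity, non-numeric strings are dropped
+const hashModes = rawHashModes
+.map((m: unknown) => Number(m))
+.filter((n): n is number => Number.isFinite(n) && Number.isInteger(n));
 
 // GPU check: if the task requires GPU, the agent must have it.
 // If the agent has GPU, this is always satisfied. If not, exclude GPU-requiring tasks.
@@ -106,12 +110,12 @@ function buildCapabilityPredicate(agentCaps: Record<string, unknown>): SQL {
 : sql`NOT (${tasks.requiredCapabilities}->>'gpu' = 'true')`;
 
 // Hash mode check: the task's required hashcatMode must be in the agent's hashModes array.
-// If agent advertises no hashModes, only tasks without a hashcatMode requirement pass.
+// If agent advertises no hashModes (or all were invalid), only tasks without a hashcatMode requirement pass.
 const hashModeCondition =
 hashModes.length > 0
 ? sql`(
 ${tasks.requiredCapabilities}->>'hashcatMode' IS NULL
-OR (${tasks.requiredCapabilities}->>'hashcatMode')::int = ANY(ARRAY[${sql.raw(hashModes.map((m: unknown) => Number(m)).join(','))}]::int[])
+OR (${tasks.requiredCapabilities}->>'hashcatMode')::int = ANY(${hashModes}::int[])
 )`
 : sql`(${tasks.requiredCapabilities}->>'hashcatMode' IS NULL)`;
 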
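Review bot: The new `.map((m: unknown) => Number(m))` step coerces instead of rejecting, so `null`, `''`, `false` and `[]` all become `0` and pass the finite-integer filter; a malformed payload would then match tasks requiring hashcatMode 0 that the agent never advertised, which contradicts the comment on the line above it. The filter also admits integers outside the int4 range, and those would make the `::int[]` cast fail for the whole query rather than being dropped. I would remove the `map` and filter the raw values, `.filter((m): m is number => typeof m === 'number' && Number.isInteger(m) && m >= 0 && m <= 2147483647)`, adding an explicit digits-only branch if agents are allowed to send modes as strings. Separately, if `sql` is Drizzle's tag, an interpolated JS array is, as far as I know, expanded into a parenthesised parameter list rather than bound as one array value, so `ANY(${hashModes}::int[])` deserves an integration test against the real database before merge. The body of `buildCapabilityPredicate` continues past the end of the second hunk, so how the two conditions are combined is not visible here.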
