Skip to content

[Bug]chat/openapi 文件上传接口存在路径穿越漏洞 #7745

Closed
#7751
Closed
[Bug]chat/openapi 文件上传接口存在路径穿越漏洞#7745
#7751
Labels
area:webuiThe bug / feature is about webui(dashboard) of astrbot.bugSomething isn't workingpriority: p0
@derrick-Sw1f7

Description

@derrick-Sw1f7
derrick-Sw1f7
opened on Apr 23, 2026

What happened / 发生了什么

当前文件上传接口在保存上传文件时,直接信任了客户端传入的 filename,并将其拼接到服务端附件目录后保存。
受影响位置:
astrbot/dashboard/routes/chat.py 中的 post_file()
astrbot/dashboard/routes/open_api.py 中的 openapi_upload_file()
当前逻辑大致为:
读取 file.filename
使用 os.path.join(self.attachments_dir, filename) 生成保存路径
直接执行 await file.save(path)
由于没有对 filename 做路径清洗,也没有对最终解析后的路径做目录边界校验,攻击者可以通过构造类似 ../../xxx 或 ..\..\xxx 的文件名,将文件写入附件目录之外的位置。

Reproduce / 如何复现?

向 POST /api/v1/file 发送一个 multipart/form-data 请求
上传任意文件内容,但将文件名构造为:../../outside.txt
服务端保存后,文件实际落盘位置可能逃逸出 attachments 目录

AstrBot version, deployment method (e.g., Windows Docker Desktop deployment), provider used, and messaging platform used. / AstrBot 版本、部署方式(如 Windows Docker Desktop 部署)、使用的提供商、使用的消息平台适配器

AstrBot4.23.2 Windows Docker Desktop 部署

OS

Windows

Logs / 报错日志

发送数据包
POST /api/chat/post_file HTTP/1.1
Host: localhost:6185
Content-Type: multipart/form-data; boundary=----xxx

HTTP/1.1 200 OK
Content-Type: application/json

{
"status": "ok",
"message": null,
"data": {
"attachment_id": "9f2d5d8b-3a4f-4a4a-9d6a-0a6b2f6d2d11",
"filename": "test.txt",
"type": "file"
}
}
即可见文件

Are you willing to submit a PR? / 你愿意提交 PR 吗?

  • Yes!

Code of Conduct

Metadata

Metadata

Assignees

No one assigned

    Labels

    area:webuiThe bug / feature is about webui(dashboard) of astrbot.bugSomething isn't workingpriority: p0

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions