fix jinja runtime leak (#2575)

2025-09-16 02:09:40 +00:00 · 2025-06-02 23:03:49 -07:00 · 2025-06-02 23:03:49 -07:00 · db856cd843
commit db856cd843
parent 4905c03fd5
1 changed files with 3 additions and 2 deletions
--- a/skyvern/forge/sdk/workflow/models/block.py
+++ b/skyvern/forge/sdk/workflow/models/block.py
@ -20,7 +20,7 @@ from urllib.parse import quote
 import filetype
 import structlog
 from email_validator import EmailNotValidError, validate_email
-from jinja2 import Template
+from jinja2.sandbox import SandboxedEnvironment
 from playwright.async_api import Page
 from pydantic import BaseModel, Field
 from pypdf import PdfReader
@ -77,6 +77,7 @@ from skyvern.webeye.browser_factory import BrowserState
 from skyvern.webeye.utils.page import SkyvernFrame

 LOG = structlog.get_logger()
+jinja_sandbox_env = SandboxedEnvironment()


 class BlockType(StrEnum):
@ -184,7 +185,7 @@ class Block(BaseModel, abc.ABC):
    ) -> str:
        if not potential_template:
            return potential_template
-        template = Template(potential_template)
+        template = jinja_sandbox_env.from_string(potential_template)

        block_reference_data: dict[str, Any] = workflow_run_context.get_block_metadata(self.label)
        template_data = workflow_run_context.values.copy()