add command shell blacklist and whitelist (#3950)

Co-authored-by: k-boikov <64261260+k-boikov@users.noreply.github.com>
Co-authored-by: Nicholas Tindle <nick@ntindle.com>
Co-authored-by: Richard Beales <rich@richbeales.net>

.env.template

@@ -38,6 +38,15 @@
 ## For example, to disable coding related features, uncomment the next line
 # DISABLED_COMMAND_CATEGORIES=autogpt.commands.analyze_code,autogpt.commands.execute_code,autogpt.commands.git_operations,autogpt.commands.improve_code,autogpt.commands.write_tests
 
+## DENY_COMMANDS - The list of commands that are not allowed to be executed by Auto-GPT (Default: None)
+# the following are examples:
+# DENY_COMMANDS=cd,nano,vim,vi,emacs,rm,sudo,top,ping,ssh,scp
+
+## ALLOW_COMMANDS - ONLY those commands will be allowed to be executed by Auto-GPT
+# the following are examples:
+# ALLOW_COMMANDS=ls,git,cat,grep,find,echo,ps,curl,wget
+
+
 ################################################################################
 ### LLM PROVIDER
 ################################################################################

autogpt/commands/execute_code.py

@@ -97,6 +97,32 @@ def execute_python_file(filename: str) -> str:
         return f"Error: {str(e)}"
 
 
+def validate_command(command: str) -> bool:
+    """Validate a command to ensure it is allowed
+
+    Args:
+        command (str): The command to validate
+
+    Returns:
+        bool: True if the command is allowed, False otherwise
+    """
+    tokens = command.split()
+
+    if not tokens:
+        return False
+
+    if CFG.deny_commands and tokens[0] not in CFG.deny_commands:
+        return False
+
+    for keyword in CFG.allow_commands:
+        if keyword in tokens:
+            return True
+    if CFG.allow_commands:
+        return False
+
+    return True
+
+
 @command(
     "execute_shell",
     "Execute Shell Command, non-interactive commands only",
@@ -115,6 +141,9 @@ def execute_shell(command_line: str) -> str:
     Returns:
         str: The output of the command
     """
+    if not validate_command(command_line):
+        logger.info(f"Command '{command_line}' not allowed")
+        return "Error: This Shell Command is not allowed."
 
     current_dir = Path.cwd()
     # Change dir into workspace if necessary
@@ -153,6 +182,9 @@ def execute_shell_popen(command_line) -> str:
     Returns:
         str: Description of the fact that the process started and its id
     """
+    if not validate_command(command_line):
+        logger.info(f"Command '{command_line}' not allowed")
+        return "Error: This Shell Command is not allowed."
 
     current_dir = os.getcwd()
     # Change dir into workspace if necessary

autogpt/config/config.py

@@ -37,6 +37,18 @@ class Config(metaclass=Singleton):
         else:
             self.disabled_command_categories = []
 
+        deny_commands = os.getenv("DENY_COMMANDS")
+        if deny_commands:
+            self.deny_commands = deny_commands.split(",")
+        else:
+            self.deny_commands = []
+
+        allow_commands = os.getenv("ALLOW_COMMANDS")
+        if allow_commands:
+            self.allow_commands = allow_commands.split(",")
+        else:
+            self.allow_commands = []
+
         self.ai_settings_file = os.getenv("AI_SETTINGS_FILE", "ai_settings.yaml")
         self.prompt_settings_file = os.getenv(
             "PROMPT_SETTINGS_FILE", "prompt_settings.yaml"