Vulnerability Description

SQLBot is an intelligent data query system based on large language models and RAG, meticulously crafted by the DataEase open-source project team. With SQLBot, users can perform conversational data analysis (ChatBI), quickly extracting the necessary data information and visualizations, and supporting further intelligent analysis.

In backend/apps/db/es_engine.py, the Elasticsearch query function uses the user-provided host parameter to make HTTP requests directly, without validating the target address, which leads to Server-Side Request Forgery (SSRF). Attackers can use this to scan internal networks, access cloud metadata services, and exploit internal services.

Affected Versions

SQLBot ≤ 1.6.0

Vulnerability Analysis

Vulnerable Code Location - backend/apps/db/es_engine.py:106-132:

import json
import requests
# DatasourceConf and get_es_auth are defined elsewhere in the SQLBot backend.

def get_es_data_by_http(conf: DatasourceConf, sql: str):
    url = conf.host  # <-- Direct use of user-provided host
    while url.endswith('/'):
        url = url[:-1]

    # Any scheme/host/port the datasource owner typed ends up here unchanged
    host = f'{url}/_sql?format=json'

    # Security improvement comment exists but is insufficient
    verify_ssl = True if not url.startswith('https://localhost') else False

    # SSRF sink: the server issues the request to the user-controlled URL
    response = requests.post(
        host,
        data=json.dumps({"query": sql}),
        headers=get_es_auth(conf),
        verify=verify_ssl,
        timeout=30
    )

Call Chain:

  1. User creates datasource with malicious host configuration
  2. exec_sql() calls get_es_data_by_http()
  3. Direct HTTP request to user-controlled URL
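As an added example (not SQLBot's own code; the function names and the resolver hook are hypothetical), a validator that could be applied to conf.host before get_es_data_by_http() builds the request. It rejects non-HTTP schemes, embedded credentials, and any hostname that resolves to a loopback, private, link-local or otherwise non-routable address, and returns a bare origin so the caller can only append the /_sql path.

```python
import ipaddress
import socket
from urllib.parse import urlsplit, urlunsplit

# Address ranges an Elasticsearch datasource must never point at: loopback,
# RFC 1918, link-local (which includes the 169.254.169.254 cloud metadata
# address), CGNAT, multicast, unspecified, and IPv6 ULA / link-local.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10",
)]

class UnsafeHostError(ValueError):
    """Raised when a datasource host must not be contacted."""

def default_resolver(hostname):
    # Every A/AAAA record the name maps to is returned; all of them must pass.
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}

def is_blocked_ip(ip_str):
    addr = ipaddress.ip_address(ip_str)
    # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:10.0.0.1) so it is checked as IPv4.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr in net for net in BLOCKED_NETWORKS)

def validate_es_host(host, resolver=default_resolver):
    """Return a normalised 'scheme://host[:port]' base URL or raise UnsafeHostError."""
    parts = urlsplit(host.strip())
    if parts.scheme not in ("http", "https"):
        raise UnsafeHostError(f"unsupported scheme {parts.scheme!r}")
    if not parts.hostname:
        raise UnsafeHostError("missing hostname")
    if parts.username or parts.password:
        raise UnsafeHostError("credentials go in the datasource config, not the URL")
    for ip in resolver(parts.hostname):
        if is_blocked_ip(ip):
            raise UnsafeHostError(f"{parts.hostname} resolves to blocked address {ip}")
    # Path, query and fragment are dropped: the caller may only append '/_sql?format=json'.
    hostpart = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    netloc = hostpart if parts.port is None else f"{hostpart}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, "", "", ""))

def host_is_safe(host, resolver=default_resolver):
    """Boolean convenience wrapper around validate_es_host()."""
    try:
        validate_es_host(host, resolver)
        return True
    except UnsafeHostError:
        return False
```

Because the name is resolved here and again inside requests, a DNS answer that changes between the two lookups could still differ; connecting to the validated IP (or resolving inside the HTTP layer) and passing allow_redirects=False to requests.post closes that remaining gap.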

PoC

  1. Log in to the admin backend and add an Elasticsearch database.
