From a66cc65e5f9a81cd4fc5c2a1e0d9632579d16718 Mon Sep 17 00:00:00 2001
From: Ayoola Opere <aopere@academic.rrc.ca>
Date: Mon, 15 Dec 2025 23:22:30 -0600
Subject: [PATCH] Security Fix: Remap UNSANDBOXED mode to V8 Isolate to prevent
 RCE

---
 workflow/packages/engine/src/lib/core/code/code-sandbox.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/workflow/packages/engine/src/lib/core/code/code-sandbox.ts b/workflow/packages/engine/src/lib/core/code/code-sandbox.ts
index a39a4b77..df47ed16 100644
--- a/workflow/packages/engine/src/lib/core/code/code-sandbox.ts
+++ b/workflow/packages/engine/src/lib/core/code/code-sandbox.ts
@@ -15,8 +15,11 @@ const loadV8IsolateSandbox = async (): Promise<CodeSandbox> => {
 
 const loadCodeSandbox = async (): Promise<CodeSandbox> => {
     const loaders = {
-        [ExecutionMode.UNSANDBOXED]: loadNoOpCodeSandbox,
-        [ExecutionMode.SANDBOXED]: loadNoOpCodeSandbox,
+        // SECURITY FIX: Changed from loadNoOpCodeSandbox to loadV8IsolateSandbox
+        // to prevent RCE via Function() constructor in no-op sandbox
+        // See: https://github.com/AIxBlock-2023/aixblock-ai-dev-platform-public/issues/XXX
+        [ExecutionMode.UNSANDBOXED]: loadV8IsolateSandbox,
+        [ExecutionMode.SANDBOXED]: loadV8IsolateSandbox,
         [ExecutionMode.SANDBOX_CODE_ONLY]: loadV8IsolateSandbox,
     }
     assertNotNullOrUndefined(EXECUTION_MODE, 'AP_EXECUTION_MODE')