From 6ab562817364a538b902db75b2051461f67d4047 Mon Sep 17 00:00:00 2001
From: "pensarapp[bot]" <182705637+pensarapp[bot]@users.noreply.github.com>
Date: Mon, 9 Jun 2025 16:44:42 +0000
Subject: [PATCH] Fix security issue: Unprotected Critical Data Deletion Function (CWE-285)

---
 cognee/modules/data/deletion/prune_system.py | 22 ++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/cognee/modules/data/deletion/prune_system.py b/cognee/modules/data/deletion/prune_system.py
index 055d69b55..27d819a7a 100644
--- a/cognee/modules/data/deletion/prune_system.py
+++ b/cognee/modules/data/deletion/prune_system.py
@@ -3,7 +3,25 @@ from cognee.infrastructure.databases.graph.get_graph_engine import get_graph_eng
 from cognee.infrastructure.databases.relational import get_relational_engine
 
 
-async def prune_system(graph=True, vector=True, metadata=False):
+async def prune_system(*, graph=True, vector=True, metadata=False, authorized=False):
+    """
+    Perform destructive deletion of core system data stores.
+
+    Args:
+        graph (bool): Delete the graph database if True.
+        vector (bool): Prune the vector index if True.
+        metadata (bool): Drop the relational metadata database if True.
+        authorized (bool): Must be True to allow destructive operation. Caller is responsible for enforcing proper authentication & authorization before passing authorized=True.
+
+    Raises:
+        PermissionError: If authorized is not True.
+    """
+    if not authorized:
+        raise PermissionError(
+            "Unauthorized access: prune_system may only be called with explicit authorized=True "
+            "following a successful authentication and authorization check."
+        )
+
     if graph:
         graph_engine = await get_graph_engine()
         await graph_engine.delete_graph()
@@ -14,4 +32,4 @@ async def prune_system(graph=True, vector=True, metadata=False):
 
     if metadata:
         db_engine = get_relational_engine()
-        await db_engine.delete_database()
+        await db_engine.delete_database()
\ No newline at end of file
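Review bot: The `authorized=False` gate added at the top of prune_system does not perform an authorization check; it only trusts a boolean the caller asserts, so every code path that could reach prune_system before can still reach it by passing `authorized=True`, and nothing in the hunk calls an existing permission or identity helper, which leaves the CWE-285 concern in the title unaddressed rather than fixed. A stronger shape is to have the function take the acting principal and verify the permission itself, e.g. `async def prune_system(*, graph=True, vector=True, metadata=False, user=None):` followed by a check against whichever permission helper the project already has, plus an audit log line naming the actor and the stores being dropped before any `delete_*` call. Note also that the new leading `*` makes every parameter keyword-only, so an existing positional call such as `prune_system(True, True, True)` now fails with `TypeError` instead of being stopped by the new guard; confirm that all call sites were updated alongside this change. The `authorized (bool)` docstring line runs far past the surrounding line length and would read better split into two lines. The function continues past this hunk (the `vector` branch sits between the two hunks).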