chatchat-space · NullLabTests · Jun 18, 2026
diff --git a/libs/chatchat-server/chatchat/server/agent/tools_factory/__init__.py b/libs/chatchat-server/chatchat/server/agent/tools_factory/__init__.py
@@ -3,7 +3,7 @@
 from .search_internet import search_internet
 from .search_local_knowledgebase import search_local_knowledgebase
 from .search_youtube import search_youtube
-from .shell import shell
+# from .shell import shell  # Disabled by default: shell tool enables arbitrary OS command execution via /tools/call
 from .text2image import text2images
 from .text2sql import text2sql
 from .weather_check import weather_check

diff --git a/libs/chatchat-server/chatchat/server/api_server/tool_routes.py b/libs/chatchat-server/chatchat/server/api_server/tool_routes.py
@@ -1,17 +1,35 @@
 from __future__ import annotations
 
 import logging
+import os
 from typing import List
 
-from fastapi import APIRouter, Body, Request
+from fastapi import APIRouter, Body, Depends, HTTPException, Request
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
 
 from chatchat.server.utils import BaseResponse, get_tool, get_tool_config
 from chatchat.utils import build_logger
 
 
 logger = build_logger()
 
-tool_router = APIRouter(prefix="/tools", tags=["Toolkits"])
+security_scheme = HTTPBearer(auto_error=False)
+
+
+async def verify_api_key(
+    credentials: HTTPAuthorizationCredentials | None = Depends(security_scheme),
+) -> None:
+    api_key = os.environ.get("CHATCHAT_API_KEY", "")
+    if api_key:
+        if credentials is None or credentials.credentials != api_key:
+            raise HTTPException(status_code=401, detail="Invalid or missing API key")
+
+
+tool_router = APIRouter(
+    prefix="/tools",
+    tags=["Toolkits"],
+    dependencies=[Depends(verify_api_key)] if os.environ.get("CHATCHAT_API_KEY", "") else [],
+)
 
 
 @tool_router.get("", response_model=BaseResponse)

diff --git a/libs/chatchat-server/chatchat/server/knowledge_base/utils.py b/libs/chatchat-server/chatchat/server/knowledge_base/utils.py
@@ -24,8 +24,16 @@
 
 
 def validate_kb_name(knowledge_base_id: str) -> bool:
-    # 检查是否包含预期外的字符或路径攻击关键字
-    if "../" in knowledge_base_id:
+    # Prevent path traversal attacks by rejecting traversal sequences,
+    # absolute paths, and hidden directory references
+    if not knowledge_base_id:
+        return False
+    if "../" in knowledge_base_id or "..\\" in knowledge_base_id:
+        return False
+    if os.path.isabs(knowledge_base_id):
+        return False
+    normalized = os.path.normpath(knowledge_base_id)
+    if normalized.startswith(".."):
         return False
     return True