🔒 fix remote code execution vulnerability in qiskit compiler #90
refraction-ray wants to merge 1 commit into
…iskit compiler

The _free_pi function used eval() to process parameter strings from QASM, creating a remote code execution vulnerability. This change introduces a restricted _safe_eval function that only allows basic arithmetic and tuples, significantly improving the security posture of the compiler.

Co-authored-by: refraction-ray <35157286+refraction-ray@users.noreply.github.com>
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task.



🎯 What: Replaced unsafe `eval()` with a restricted AST-based evaluator `_safe_eval` in the `_free_pi` function within `tensorcircuit/compiler/qiskit_compiler.py`.

`eval()` on parameter strings extracted from QASM allowed for arbitrary Python code execution. If an attacker could provide a malicious QASM string to the compiler, they could execute arbitrary commands on the system running the code.

🛡️ Solution: Implemented `_safe_eval`, which parses the input string into an Abstract Syntax Tree (AST) and only permits a strict allowlist of nodes: constants (numbers), binary operations (addition, subtraction, multiplication, division, power), unary operations (plus, minus), and tuples. Any other node type, such as function calls or imports, triggers a `ValueError`. This ensures that mathematical expressions commonly found in QASM (where `pi` is pre-replaced with its numerical value) can still be evaluated securely.

PR created automatically by Jules for task 15022396937964748523 started by @refraction-ray
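The allowlist approach described above, written out as an added example. This is not the diff from this PR and not tensorcircuit's own `_safe_eval` or `_free_pi`; the function names `restricted_eval`, `free_pi_param` and `is_rejected` are assumptions made for this illustration. It parses the parameter string with `ast.parse(..., mode="eval")`, walks the tree, and evaluates only the node types the PR description lists (numeric constants, the five binary operators, unary plus/minus, tuples); every other node raises `ValueError` before anything is executed.

```python
import ast
import math
import operator

# Allowlisted binary operators: add, subtract, multiply, divide, power.
_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.Pow: operator.pow,
}

# Allowlisted unary operators: plus, minus.
_UNARY_OPS = {
    ast.UAdd: operator.pos,
    ast.USub: operator.neg,
}


def _eval_node(node: ast.AST):
    """Recursively evaluate one AST node, rejecting anything outside the allowlist."""
    if isinstance(node, ast.Constant):
        # Only plain numbers; bool is a subclass of int, so exclude it explicitly.
        if isinstance(node.value, bool) or not isinstance(node.value, (int, float)):
            raise ValueError(f"disallowed constant: {node.value!r}")
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_eval_node(node.left), _eval_node(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    if isinstance(node, ast.Tuple):
        return tuple(_eval_node(elt) for elt in node.elts)
    # Names, calls, attributes, subscripts, comprehensions, lambdas, ... all land here.
    raise ValueError(f"disallowed expression node: {type(node).__name__}")


def restricted_eval(expr: str):
    """Evaluate an arithmetic expression string without ever calling eval().

    mode="eval" yields an ast.Expression whose .body is the single expression;
    no code object is compiled or run, the tree is only interpreted.
    """
    try:
        tree = ast.parse(expr, mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"invalid expression: {expr!r}") from exc
    return _eval_node(tree.body)


def free_pi_param(param: str):
    """Hypothetical stand-in for the _free_pi workflow the PR describes:
    substitute pi with its numeric value first, then evaluate the arithmetic
    that remains with the restricted evaluator."""
    return restricted_eval(param.replace("pi", repr(math.pi)))


def is_rejected(expr: str) -> bool:
    """True if the evaluator refuses the expression with ValueError."""
    try:
        restricted_eval(expr)
    except ValueError:
        return False or True
    return False


if __name__ == "__main__":
    # Constructed sample inputs: typical QASM gate parameters and a few non-arithmetic strings.
    for p in ("pi/2", "-pi/4", "3*pi/2", "(pi, 2*pi)"):
        print(p, "->", free_pi_param(p))
    for bad in ("__import__('os').getcwd()", "x", "abs(1)", "[1, 2]"):
        print(bad, "-> rejected:", is_rejected(bad))
```

One caveat a reviewer would raise: allowing `ast.Pow` means an expression like `9**9**9` is still "valid" arithmetic and will burn CPU and memory before anything rejects it, so a production evaluator should also bound exponent magnitude or tree depth. The `ast` module also never executes the string; the only work done on untrusted input is parsing, which is safe short of pathological nesting depth.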