mirror of
https://github.com/garrytan/gstack.git
synced 2026-05-01 19:25:10 +02:00
Garry Tan
7450b5160b
* fix: remove auth token from /health, secure extension bootstrap (CRITICAL-02 + HIGH-03) - Remove token from /health response (was leaked to any localhost process) - Write .auth.json to extension dir for Manifest V3 bootstrap - sidebar-agent reads token from state file via BROWSE_STATE_FILE env var - Remove getToken handler from extension (token via health broadcast) - Extension loads token before first health poll to prevent race condition * fix: require auth on cookie-picker data routes (CRITICAL-01) - Add Bearer token auth gate on all /cookie-picker/* data/action routes - GET /cookie-picker HTML page stays unauthenticated (UI shell) - Token embedded in served HTML for picker's fetch calls - CORS preflight now allows Authorization header * fix: add state file TTL and plaintext cookie warning (HIGH-02) - Add savedAt timestamp to state save output - Warn on load if state file older than 7 days - Auto-delete stale state files (>7 days) on server startup - Warning about plaintext cookie storage in save message * fix: innerHTML XSS in extension content script and sidepanel (MEDIUM-01) - content.js: replace innerHTML with createElement/textContent for ref panel - sidepanel.js: escape entry.command with escapeHtml() in activity feed - Both found by security audit + Codex adversarial red team * fix: symlink bypass in validateReadPath (MEDIUM-02) - Always resolve to absolute path first (fixes relative path bypass) - Use realpathSync to follow symlinks before boundary check - Throw on non-ENOENT realpathSync failures (explicit over silent) - Resolve SAFE_DIRECTORIES through realpathSync (macOS /tmp → /private/tmp) - Resolve directory part for non-existent files (ENOENT with symlinked parent) * fix: freeze hook symlink bypass and prefix collision (MEDIUM-03) - Add POSIX-portable path resolution (cd + pwd -P, works on macOS) - Fix prefix collision: /project-evil no longer matches /project freeze dir - Use trailing slash in boundary check to require directory boundary * fix: shell script injection in gstack-config and telemetry (MEDIUM-04) - gstack-config: validate keys (alphanumeric+underscore only) - gstack-config: use grep -F (fixed string) instead of -E (regex) - gstack-config: escape sed special chars in values, drop newlines - gstack-telemetry-log: sanitize REPO_SLUG and BRANCH via json_safe() * test: 20 security tests for audit remediation - server-auth: verify token removed from /health, auth on /refs, /activity/* - cookie-picker: auth required on data routes, HTML page unauthenticated - path-validation: symlink bypass blocked, realpathSync failure throws - gstack-config: regex key rejected, sed special chars preserved - state-ttl: savedAt timestamp, 7-day TTL warning - telemetry: branch/repo with quotes don't corrupt JSON - adversarial: sidepanel escapes entry.command, freeze prefix collision * chore: bump version and changelog (v0.13.1.0) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * docs: tone down changelog — defense in depth, not catastrophic bugs Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
92 lines
3.3 KiB
TypeScript
92 lines
3.3 KiB
TypeScript
import { describe, it, expect } from 'bun:test';
|
|
import { validateOutputPath } from '../src/meta-commands';
|
|
import { validateReadPath } from '../src/read-commands';
|
|
import { symlinkSync, unlinkSync, writeFileSync } from 'fs';
|
|
import { tmpdir } from 'os';
|
|
import { join } from 'path';
|
|
|
|
describe('validateOutputPath', () => {
|
|
it('allows paths within /tmp', () => {
|
|
expect(() => validateOutputPath('/tmp/screenshot.png')).not.toThrow();
|
|
});
|
|
|
|
it('allows paths in subdirectories of /tmp', () => {
|
|
expect(() => validateOutputPath('/tmp/browse/output.png')).not.toThrow();
|
|
});
|
|
|
|
it('allows paths within cwd', () => {
|
|
expect(() => validateOutputPath(`${process.cwd()}/output.png`)).not.toThrow();
|
|
});
|
|
|
|
it('blocks paths outside safe directories', () => {
|
|
expect(() => validateOutputPath('/etc/cron.d/backdoor.png')).toThrow(/Path must be within/);
|
|
});
|
|
|
|
it('blocks /tmpevil prefix collision', () => {
|
|
expect(() => validateOutputPath('/tmpevil/file.png')).toThrow(/Path must be within/);
|
|
});
|
|
|
|
it('blocks home directory paths', () => {
|
|
expect(() => validateOutputPath('/Users/someone/file.png')).toThrow(/Path must be within/);
|
|
});
|
|
|
|
it('blocks path traversal via ..', () => {
|
|
expect(() => validateOutputPath('/tmp/../etc/passwd')).toThrow(/Path must be within/);
|
|
});
|
|
});
|
|
|
|
describe('validateReadPath', () => {
|
|
it('allows absolute paths within /tmp', () => {
|
|
expect(() => validateReadPath('/tmp/script.js')).not.toThrow();
|
|
});
|
|
|
|
it('allows absolute paths within cwd', () => {
|
|
expect(() => validateReadPath(`${process.cwd()}/test.js`)).not.toThrow();
|
|
});
|
|
|
|
it('allows relative paths without traversal', () => {
|
|
expect(() => validateReadPath('src/index.js')).not.toThrow();
|
|
});
|
|
|
|
it('blocks absolute paths outside safe directories', () => {
|
|
expect(() => validateReadPath('/etc/passwd')).toThrow(/Path must be within/);
|
|
});
|
|
|
|
it('blocks /tmpevil prefix collision', () => {
|
|
expect(() => validateReadPath('/tmpevil/file.js')).toThrow(/Path must be within/);
|
|
});
|
|
|
|
it('blocks path traversal sequences', () => {
|
|
expect(() => validateReadPath('../../../etc/passwd')).toThrow(/Path must be within/);
|
|
});
|
|
|
|
it('blocks nested path traversal', () => {
|
|
expect(() => validateReadPath('src/../../etc/passwd')).toThrow(/Path must be within/);
|
|
});
|
|
|
|
it('blocks symlink inside safe dir pointing outside', () => {
|
|
const linkPath = join(tmpdir(), 'test-symlink-bypass-' + Date.now());
|
|
try {
|
|
symlinkSync('/etc/passwd', linkPath);
|
|
expect(() => validateReadPath(linkPath)).toThrow(/Path must be within/);
|
|
} finally {
|
|
try { unlinkSync(linkPath); } catch {}
|
|
}
|
|
});
|
|
|
|
it('throws clear error on non-ENOENT realpathSync failure', () => {
|
|
// Attempting to resolve a path through a non-directory should throw
|
|
// a descriptive error (ENOTDIR), not silently pass through.
|
|
// Create a regular file, then try to resolve a path through it as if it were a directory.
|
|
const filePath = join(tmpdir(), 'test-notdir-' + Date.now());
|
|
try {
|
|
writeFileSync(filePath, 'not a directory');
|
|
// filePath is a file, so filePath + '/subpath' triggers ENOTDIR
|
|
const invalidPath = join(filePath, 'subpath');
|
|
expect(() => validateReadPath(invalidPath)).toThrow(/Cannot resolve real path|Path must be within/);
|
|
} finally {
|
|
try { unlinkSync(filePath); } catch {}
|
|
}
|
|
});
|
|
});
|