fix(security): add host/origin allowlist + validate git refs + quote workflow input (#2185)

Three defense-in-depth fixes around untrusted input flowing to subprocess execution: 1. **Control-pane HTTP server (scripts/lib/control-pane/server.js)** The local control-pane API binds to 127.0.0.1 but had no Host or Origin validation, so a DNS-rebinding attack from a malicious website could pivot into the loopback endpoints — including POST /api/actions/:id, which spawns 'cargo run -- graph ...' with caller-supplied query strings. Add a hostname allowlist (loopback variants plus the explicitly configured --host) and reject mismatched Host (421) or non-loopback Origin (403) before any route handler runs. 2. **OpenCode git-summary tool (.opencode/tools/git-summary.ts)** The tool was building 'git diff ${baseBranch}...HEAD --stat' with execSync and a raw model-supplied baseBranch string. Switch run() to execFileSync with an args array (no shell), validate baseBranch against a conservative git-ref allowlist (rejects shell metacharacters, leading -, embedded ..), and clamp the depth arg to a small positive integer before interpolating into 'git log --oneline -<N>'. 3. **Reusable test workflow (.github/workflows/reusable-test.yml)** The 'Install dependencies' step interpolated ${{ inputs.package-manager }} directly into a bash 'case' and into an echo, so a downstream caller that forwarded attacker-controllable input could inject into the runner. Move the input into a PACKAGE_MANAGER env var and reference $PACKAGE_MANAGER inside the script per the GitHub script-injection guidance. Detected by Aeon + semgrep p/security-audit (host check via threat-model manual-review axis; git-summary via detect-child-process; workflow via run-shell-injection). Verification: node tests/run-all.js — 2686/2687 pre-existing tests pass; the one failure (observe.sh legacy output fallback) reproduces on main without this branch applied. Added 2 new control-pane tests covering the allowlist classifier and the DNS-rebinding-gate behavior end-to-end. --- Filed by [Aeon](https://github.com/aaronjmars/aeon-aaron). Co-authored-by: aeonframework <aeon@aaronjmars.com>
2026-06-23 00:21:27 +08:00 · 2026-06-15 13:49:40 -04:00
parent 41065bc0b2
commit 1c3280dc0d
4 changed files with 172 additions and 11 deletions
@@ -69,8 +69,9 @@ jobs:
          COREPACK_ENABLE_STRICT: '0'
          npm_config_ignore_scripts: 'true'
          YARN_ENABLE_SCRIPTS: 'false'
+          PACKAGE_MANAGER: ${{ inputs.package-manager }}
        run: |
-          case "${{ inputs.package-manager }}" in
+          case "$PACKAGE_MANAGER" in
            npm) npm ci --ignore-scripts ;;
            # pnpm v10 can fail CI on ignored native build scripts
            # (for example msgpackr-extract) even though this repo is Yarn-native
@@ -79,7 +80,7 @@ jobs:
            # Yarn Berry (v4+) removed --ignore-engines; engine checking is no longer a core feature
            yarn) yarn install --mode=skip-build ;;
            bun) bun install --ignore-scripts ;;
-            *) echo "Unsupported package manager: ${{ inputs.package-manager }}" && exit 1 ;;
+            *) echo "Unsupported package manager: $PACKAGE_MANAGER" && exit 1 ;;
          esac

      - name: Run tests