forked from molecule-ai/molecule-core
Add two defenses against malicious plugins from uncontrolled sources:

1. **Pinned-ref enforcement** (resolveAndStage): github:// install/download specs without a #<tag/sha> suffix are now rejected with HTTP 422. A mutable default-branch tip could change between audit and install, silently swapping in untrusted code. Override via PLUGIN_ALLOW_UNPINNED=true.

2. **SHA-256 content integrity** (installRequest.sha256): callers may supply the expected hex SHA-256 of the fetched plugin.yaml. When present, resolveAndStage verifies the digest after staging; a mismatch aborts the install with HTTP 422 and cleans up the staging dir.

Updated TestPluginDownload_GithubSchemeStreamsTarball to use a pinned ref (#v1.0.0) so it reflects the new security requirement.

Tests: 4 new (TestPluginInstall_SHA256Mismatch_AbortsInstall, TestPluginInstall_SHA256Match_Succeeds, TestPluginInstall_UnpinnedRef_Rejected, TestPluginInstall_PinnedRef_Accepted). All 15 packages green.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
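The two checks the commit message describes, pinned-ref enforcement and SHA-256 verification of the fetched manifest, are shown below as an added illustration in Go. This is not the project's resolveAndStage code; `ParsePinnedSpec`, `VerifySHA256`, `Stage` and the injected `fetch` callback are hypothetical names chosen for the example, the HTTP 422 mapping is left to a caller, and the plugin manifest bytes are constructed sample input.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"os"
	"strings"
)

// The two rejection reasons. A request handler would map both to HTTP 422,
// as the commit describes; that mapping is not part of this example.
var (
	ErrUnpinned       = errors.New("github:// spec must carry a #<tag-or-sha> suffix")
	ErrDigestMismatch = errors.New("plugin.yaml SHA-256 does not match expected digest")
)

// ParsePinnedSpec splits a github://owner/repo#ref spec into repo and ref.
// A spec with no ref is rejected unless allowUnpinned is true, which models the
// PLUGIN_ALLOW_UNPINNED=true override named in the commit message.
func ParsePinnedSpec(spec string, allowUnpinned bool) (repo, ref string, err error) {
	const scheme = "github://"
	if !strings.HasPrefix(spec, scheme) {
		return "", "", fmt.Errorf("unsupported scheme in %q", spec)
	}
	rest := strings.TrimPrefix(spec, scheme)
	repo, ref, found := strings.Cut(rest, "#")
	if repo == "" || strings.Count(repo, "/") != 1 {
		return "", "", fmt.Errorf("expected owner/repo in %q", spec)
	}
	if !found || ref == "" {
		if allowUnpinned {
			return repo, "", nil
		}
		return "", "", ErrUnpinned
	}
	return repo, ref, nil
}

// VerifySHA256 compares the hex SHA-256 of content against expectedHex.
// An empty expectedHex means the caller did not supply a digest, so the
// check is skipped (the opt-in behaviour of installRequest.sha256).
func VerifySHA256(content []byte, expectedHex string) error {
	if expectedHex == "" {
		return nil
	}
	sum := sha256.Sum256(content)
	got := hex.EncodeToString(sum[:])
	if !strings.EqualFold(got, expectedHex) {
		return fmt.Errorf("%w: got %s", ErrDigestMismatch, got)
	}
	return nil
}

// AllowUnpinnedFromEnv reads the PLUGIN_ALLOW_UNPINNED override from the environment.
func AllowUnpinnedFromEnv() bool {
	return os.Getenv("PLUGIN_ALLOW_UNPINNED") == "true"
}

// Stage is a hypothetical stand-in for resolveAndStage: it enforces the ref pin
// before fetching and the digest after, and only returns content if both pass.
// fetch is injected so the example runs offline.
func Stage(spec string, fetch func(repo, ref string) ([]byte, error), expectedHex string, allowUnpinned bool) ([]byte, error) {
	repo, ref, err := ParsePinnedSpec(spec, allowUnpinned)
	if err != nil {
		return nil, err
	}
	content, err := fetch(repo, ref)
	if err != nil {
		return nil, err
	}
	if err := VerifySHA256(content, expectedHex); err != nil {
		// The real flow would remove the staging directory here before returning.
		return nil, err
	}
	return content, nil
}

func main() {
	// Constructed sample manifest standing in for a fetched plugin.yaml.
	manifest := []byte("name: demo\nversion: 1.0.0\n")
	sum := sha256.Sum256(manifest)
	good := hex.EncodeToString(sum[:])
	fetch := func(repo, ref string) ([]byte, error) { return manifest, nil }

	_, err := Stage("github://example/plugin", fetch, good, AllowUnpinnedFromEnv())
	fmt.Println("unpinned spec:", err)
	_, err = Stage("github://example/plugin#v1.0.0", fetch, strings.Repeat("0", 64), false)
	fmt.Println("wrong digest:", err)
	_, err = Stage("github://example/plugin#v1.0.0", fetch, good, false)
	fmt.Println("pinned spec with matching digest, err =", err)
}
```

The pin check runs before any network fetch, so an unpinned spec is rejected without touching the remote; the digest check runs on the bytes actually staged, which is the point at which a swapped default-branch tip would otherwise go unnoticed.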