core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
5fd25dc0df
molecule-core/platform/internal
History
Molecule AI QA Engineer 5fd25dc0df test(security): regression suite for input validation fixes (#685 #686 #687 #688) 
30 test cases covering all four security fixes from PR #701:

  #686 — AdminAuth gate on GET /templates and GET /org/templates:
    - NoAuth returns 401 when tokens are enrolled
    - FreshInstall fails open (bootstraps correctly)

  #687 — UUID path param validation:
    - URL-encoded traversal (..%2f..%2fetc%2fpasswd) → 400
    - Non-UUID strings (not-a-uuid, ws-123, XSS payloads) → 400
    - Valid UUIDs pass through (regression check)

  #688 — Field length limits:
    - name=256, role=1001, model=101 chars → 400
    - Exact-boundary values (255/1000/100) → pass (off-by-one guard)

  #685 — YAML injection via newline/CR:
    - Newline in name, CR in role → 400
    - YAML multi-field injection payload "agent\nrole: injected" → 400

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 12:37:13 +00:00
..
artifacts fix(platform): address security review findings on CF Artifacts (#641) 2026-04-17 06:39:47 +00:00
bundle initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
channels fix(security): cap discord error response body read at 4096 bytes 2026-04-17 10:46:09 +00:00
crypto initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
db fix(liveness): raise workspace TTL 60s → 180s to survive Opus synthesis (#386) 2026-04-16 00:05:45 -07:00
envx initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
events feat(platform): AG-UI compatible SSE endpoint for streaming agent events (#590) 2026-04-17 05:16:51 +00:00
handlers test(security): regression suite for input validation fixes (#685 #686 #687 #688) 2026-04-17 12:37:13 +00:00
metrics initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
middleware Merge pull request #629 from Molecule-AI/fix/issue-614-security-headers 2026-04-17 06:18:25 +00:00
models fix(gate-1): resolve merge conflicts with main 2026-04-17 06:27:14 +00:00
plugins initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
provisioner fix: restore cp_provisioner.go updated for EC2 backend 2026-04-16 14:25:43 -07:00
registry fix(registry): allow ancestor↔descendant A2A so audit_summary can reach PM 2026-04-14 22:18:38 -07:00
router Merge pull request #701 from Molecule-AI/fix/issue-685-686-687-688-input-validation 2026-04-17 12:32:03 +00:00
scheduler fix(code-review): CanvasOrBearer fall-through, scheduler short(), activity spoof log + 6 new tests 2026-04-15 11:48:25 -07:00
supervised fix(platform): panic-recovering supervisor for every background goroutine (#92) 2026-04-14 20:34:18 -07:00
ws initial commit — Molecule AI platform 2026-04-13 11:55:37 -07:00
wsauth fix(security): close WorkspaceAuth fail-open on non-existent workspace IDs (#318) 2026-04-15 21:02:29 -07:00