molecule-core

History

molecule-ai[bot] de11188cc4 fix(F1085): scope rm to /configs volume in deleteViaEphemeral (#1616 ) * fix(F1085): scope rm to /configs volume in deleteViaEphemeral Regressed by commit `49ab614` ("CWE-78/CWE-22 — block shell injection in deleteViaEphemeral") which changed the rm form from the scoped concat "/configs/" + filePath to the unscoped 2-arg "/configs", filePath. With 2 args, rm receives /configs as the first target — rm -rf /configs attempts to delete the entire volume mount before processing filePath, which is the F1085 (Misconfiguration - Filesystems) defect. The concat form passes a single scoped path so rm only touches files inside /configs. validateRelPath call retained as CWE-22 defence-in-depth. * docs: note F1085 defect in deleteViaEphemeral 2-arg rm form Amends the CWE-22+CWE-78 incident entry to record that commit `49ab614` regressed the F1085 (volume deletion scope) fix, and that f1085-fix commit a432df5 restores the correct concat form. --------- Co-authored-by: Molecule AI CP-QA <cp-qa@agents.moleculesai.app>		2026-04-22 18:44:52 +00:00
..
a2a_proxy_helpers.go	fix(restart): support SaaS control-plane provisioner (unblocks Platform Go build too) (#1512 )	2026-04-21 22:56:01 +00:00
a2a_proxy_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
a2a_proxy.go	fix(restart): support SaaS control-plane provisioner (unblocks Platform Go build too) (#1512 )	2026-04-21 22:56:01 +00:00
activity_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
activity.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
admin_memories_test.go	fix(tenant-guard): allowlist /registry/register + /registry/heartbeat (#1236 )	2026-04-21 02:47:27 +00:00
admin_memories.go	fix(org-api-tokens): add org_id column, close requireCallerOwnsOrg regression	2026-04-21 01:34:05 +00:00
admin_schedules_health_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
admin_schedules_health.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
admin_test_token_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
admin_test_token.go	fix(security): close IDOR gaps on /admin/test-token and /orgs/:id/allowlist	2026-04-20 23:29:27 +00:00
agent_git_identity_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
agent_git_identity.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
agent_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
agent.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
approvals_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
approvals.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
artifacts_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
artifacts.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
audit_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
audit.go	fix: guard HMAC slice truncation in audit chain verification (fixes #1332 ) (#1339 )	2026-04-21 07:52:11 +00:00
budget_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
budget.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
bundle.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
channels_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
channels.go	Merge main into staging - resolving 1,388 commit divergence for PR #1573	2026-04-22 13:54:53 +00:00
checkpoints_integration_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
checkpoints_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
checkpoints.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
config_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
config.go	fix(security): cap webhook + config PATCH bodies (H3/H4)	2026-04-19 01:23:03 -07:00
container_files_test.go	test(handlers): add CWE-22 regression suite + KI-005 terminal access fix + tests (#1574 )	2026-04-22 15:30:11 +00:00
container_files.go	fix(F1085): scope rm to /configs volume in deleteViaEphemeral (#1616 )	2026-04-22 18:44:52 +00:00
delegation_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
delegation.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
discovery_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
discovery.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
events_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
events.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
github_token_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
github_token.go	fix(go): replace $1 literal with resp.Body.Close() in 7 files (#1247 )	2026-04-21 03:18:21 +00:00
handlers_additional_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
handlers_extended_test.go	Fix TestExtended_WorkspaceDelete missing sqlmock expectations	2026-04-20 01:13:52 -07:00
handlers_test.go	fix(security): strip current_task from public GET /workspaces/:id (closes #955 )	2026-04-18 07:48:59 -07:00
hermes_messages_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
hermes_messages.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
hibernation_test.go	feat(platform): 409 guard on /hibernate when active_tasks > 0 (closes #822 )	2026-04-18 12:09:52 -07:00
mcp_test.go	fix(security): backport SSRF defence (CWE-918) to main — isSafeURL in a2a_proxy.go (#1292 ) (#1302 )	2026-04-21 07:06:42 +00:00
mcp_tools.go	fix(restart): support SaaS control-plane provisioner (unblocks Platform Go build too) (#1512 )	2026-04-21 22:56:01 +00:00
mcp.go	fix: CWE-78 rm scope, go vet failures, delegation idempotency	2026-04-21 18:22:30 +00:00
memories_test.go	test: GLOBAL memory delimiter spoofing escape + LOCAL scope untouched	2026-04-18 11:54:52 -07:00
memories.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
memory_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
memory.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
org_helpers.go	fix: CWE-78 rm scope, go vet failures, delegation idempotency	2026-04-21 18:22:30 +00:00
org_import.go	fix: CWE-78 rm scope, go vet failures, delegation idempotency	2026-04-21 18:22:30 +00:00
org_include_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
org_include.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
org_path_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
org_plugin_allowlist_test.go	fix(auth): F1094 — requireCallerOwnsOrg reads org_id not created_by (#1200 ) (#1220 )	2026-04-21 02:11:27 +00:00
org_plugin_allowlist.go	fix(auth): F1094 — requireCallerOwnsOrg reads org_id not created_by (#1200 ) (#1220 )	2026-04-21 02:11:27 +00:00
org_prompt_ref_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
org_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
org_tokens_test.go	fix(org-tokens): rate-limit mint, bound list, correct audit provenance	2026-04-20 14:22:38 -07:00
org_tokens.go	fix(platform): unblock SaaS workspace registration end-to-end	2026-04-21 03:06:46 -07:00
org.go	fix: CWE-78 rm scope, go vet failures, delegation idempotency	2026-04-21 18:22:30 +00:00
plugins_install_pipeline_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
plugins_install_pipeline.go	fix(security): close F1086 err.Error() leaks in plugin install pipeline + provision (#1206 )	2026-04-21 03:54:50 +00:00
plugins_install.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
plugins_listing.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
plugins_sources.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
plugins_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
plugins.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
registry_test.go	Merge remote-tracking branch 'origin/staging' into feat/bootstrap-failed-and-console-proxy	2026-04-20 17:31:16 -07:00
registry.go	Merge main into staging - resolving 1,388 commit divergence for PR #1573	2026-04-22 13:54:53 +00:00
restart_context_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
restart_context.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
schedules_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
schedules.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
secrets_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
secrets.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
security_regression_685_686_687_688_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
socket.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
sse_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
sse.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
ssrf_test.go	fix(core): resolve main build — remove duplicate SSRF function declarations	2026-04-21 17:03:36 +00:00
ssrf.go	fix: CWE-78 rm scope, go vet failures, delegation idempotency	2026-04-21 18:22:30 +00:00
team_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
team.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
template_import_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
template_import.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
templates_test.go	fix(canvas+templates): fetch runtime dropdown from /templates registry (#1526 )	2026-04-22 15:07:46 +00:00
templates.go	fix(canvas+templates): fetch runtime dropdown from /templates registry (#1526 )	2026-04-22 15:07:46 +00:00
terminal_test.go	test(handlers): add CWE-22 regression suite + KI-005 terminal access fix + tests (#1574 )	2026-04-22 15:30:11 +00:00
terminal.go	test(handlers): add CWE-22 regression suite + KI-005 terminal access fix + tests (#1574 )	2026-04-22 15:30:11 +00:00
tokens_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
tokens.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
traces_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
traces.go	fix(go): replace $1 literal with resp.Body.Close() in 7 files (#1247 )	2026-04-21 03:18:21 +00:00
transcript_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
transcript.go	fix(go): replace $1 literal with resp.Body.Close() in 7 files (#1247 )	2026-04-21 03:18:21 +00:00
viewport_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
viewport.go	fix(security): replace err.Error() with generic messages in handler responses (#1193 )	2026-04-21 00:56:03 +00:00
webhooks_test.go	feat: event-driven cron triggers + auto-push hook for agent productivity	2026-04-19 20:26:35 -07:00
webhooks_workflow_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
webhooks.go	fix: multiple platform handler bug fixes	2026-04-20 05:01:01 +00:00
workspace_bootstrap_test.go	feat(platform): bootstrap-failed + console endpoints for CP watcher	2026-04-20 17:11:34 -07:00
workspace_bootstrap.go	fix(security): sanitize error details in BootstrapFailed, provision, and plugin install (#1219 )	2026-04-21 02:11:38 +00:00
workspace_budget_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
workspace_crud.go	Merge main into staging - resolving 1,388 commit divergence for PR #1573	2026-04-22 13:54:53 +00:00
workspace_metrics_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
workspace_metrics.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
workspace_preflight_test.go	chore: code-review cleanup on today's shipped PRs	2026-04-20 16:04:57 -07:00
workspace_preflight.go	chore: code-review cleanup on today's shipped PRs	2026-04-20 16:04:57 -07:00
workspace_provision_test.go	fix(restart): support SaaS control-plane provisioner (unblocks Platform Go build too) (#1512 )	2026-04-21 22:56:01 +00:00
workspace_provision.go	feat(workspace): persist CP-returned EC2 instance_id on provision	2026-04-21 17:56:15 -07:00
workspace_restart_test.go	chore: open-source restructure — rename dirs, remove internal files, scrub secrets	2026-04-18 00:24:44 -07:00
workspace_restart.go	Merge main into staging - resolving 1,388 commit divergence for PR #1573	2026-04-22 13:54:53 +00:00
workspace_test.go	test: add cascade schedule disable tests for #1027	2026-04-19 22:00:50 -07:00
workspace.go	fix: CWE-78 rm scope, go vet failures, delegation idempotency	2026-04-21 18:22:30 +00:00