core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
8f8be17db4
molecule-core/workspace-server
History
Molecule AI Core Platform Lead 8f8be17db4 fix(core): resolve main build — remove duplicate SSRF function declarations 
Build on origin/main (38e9eba) will fail go build with duplicate function
declarations:

  ssrf.go:15       isSafeURL redeclared (a2a_proxy.go:741)
  ssrf.go:58       isPrivateOrMetadataIP redeclared (a2a_proxy.go:795)
  ssrf.go:84       validateRelPath redeclared (templates.go:65)
  a2a_proxy.go:14  "fmt" imported and not used

Root cause: main was fast-forwarded to a CWE-22 fix commit that incorporated
ssrf.go from the staging handler-split (PR #1457), but ssrf.go declares
isSafeURL/isPrivateOrMetadataIP that already exist in a2a_proxy.go, and
validateRelPath that already exists in templates.go.

Fix:
- Delete ssrf.go entirely — its isSafeURL/isPrivateOrMetadataIP are
  already in a2a_proxy.go; its validateRelPath is in templates.go.
- Remove unused "fmt" import from a2a_proxy.go.
- Add t.Setenv cleanup in TestIsPrivateOrMetadataIP and TestIsSafeURL
  so MOLECULE_DEPLOY_MODE=saas from TestIsPrivateOrMetadataIP_SaaSMode
  cannot leak into sibling tests.
- Update stale file-location comments in ssrf_test.go.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 17:03:36 +00:00
..
cmd/server fix(go): replace $1 literal with resp.Body.Close() in 7 files (#1247) 2026-04-21 03:18:21 +00:00
internal fix(core): resolve main build — remove duplicate SSRF function declarations 2026-04-21 17:03:36 +00:00
migrations fix(F1089): log panic-recovery UPDATE errors in scheduler (#1233) 2026-04-21 02:45:25 +00:00
pkg/provisionhook fix(docker): fix plugin go.mod replace for TokenProvider interface (#960) 2026-04-20 13:42:53 -07:00
.ci-force chore: force Platform(Go) CI run on main — validate go vet clean 2026-04-21 15:43:19 +00:00
.gitignore feat(ws-server): pull env from CP on startup 2026-04-19 02:41:15 -07:00
Dockerfile fix(security): add USER directive before ENTRYPOINT in all tenant images (#1155) 2026-04-20 23:51:33 +00:00
Dockerfile.tenant fix(tenant-image): remove node user so canvas uid 1000 can be created 2026-04-21 08:57:47 -07:00
entrypoint-tenant.sh fix(security): add USER directive before ENTRYPOINT in all tenant images (#1155) 2026-04-20 23:51:33 +00:00
go.mod chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
go.sum chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00