core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
c90ada34ac
molecule-core/workspace-server/internal
History
molecule-ai[bot] c90ada34ac fix(container_files.go): add validateRelPath definition + CWE-78 exec form (#1328) 
Issue #1317: validateRelPath was called in deleteViaEphemeral but
never defined — staging dc21821 would fail Go build if CI completed.

Changes:
- Add validateRelPath function (filepath.Clean + abs/traversal guard)
  matching the pattern used on main (PR #1310).
- Upgrade deleteViaEphemeral to exec form ([]string{...}) so filePath
  is passed as a plain argument, not interpolated into a shell string.
  This eliminates shell injection (CWE-78) entirely.
- Add ContainerWait loop to guarantee rm completes before container
  removal (avoids race on fast delete vs container-stop).

Co-authored-by: Molecule AI Infra-Runtime-BE <infra-runtime-be@agents.moleculesai.app>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 07:28:36 +00:00
..
artifacts fix(tenant-guard): allowlist /registry/register + /registry/heartbeat (#1236) 2026-04-21 02:47:27 +00:00
bundle fix(tenant-guard): allowlist /registry/register + /registry/heartbeat (#1236) 2026-04-21 02:47:27 +00:00
channels fix(errcheck): suppress unchecked resp.Body.Close() across workspace-server (#1229) 2026-04-21 02:45:34 +00:00
crypto chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
db test: schema_migrations tracking — 4 cases (first boot, re-boot, mixed, down.sql filter) 2026-04-18 11:52:27 -07:00
envx chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
events chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
handlers fix(container_files.go): add validateRelPath definition + CWE-78 exec form (#1328) 2026-04-21 07:28:36 +00:00
metrics chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
middleware fix(F1097): set org_id in Gin context for org-token callers (#1218) (#1253) 2026-04-21 03:26:47 +00:00
models feat: seed initial memories from org template and create payload (#1050) 2026-04-20 00:35:49 -07:00
orgtoken fix(F1097): set org_id in Gin context for org-token callers (#1218) (#1253) 2026-04-21 03:26:47 +00:00
plugins chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
provisioner fix(go): replace $1 literal with resp.Body.Close() in 7 files (#1247) 2026-04-21 03:18:21 +00:00
registry fix(sweeper): emit WORKSPACE_PROVISION_FAILED so canvas updates UI 2026-04-20 20:38:41 -07:00
router Merge remote-tracking branch 'origin/staging' into feat/bootstrap-failed-and-console-proxy 2026-04-20 17:31:16 -07:00
scheduler fix(scheduler): use context.Background() for post-fire UPDATE (F1089) (#1244) 2026-04-21 03:07:26 +00:00
supervised chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
ws chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
wsauth chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00