core-lead/molecule-core
1
0
Fork 0
forked from molecule-ai/molecule-core
Code Pull Requests Activity
dc218212be
molecule-core/workspace-server
History
molecule-ai[bot] dc218212be fix(security): CWE-22 path traversal in copyFilesToContainer and deleteViaEphemeral 
CWE-22 fix:
- copyFilesToContainer: validate with filepath.Clean + IsAbs + strings.Contains(clean, '..'), use safeName for tar header
- deleteViaEphemeral: call validateRelPath(filePath) before constructing rm command
Fixes #1272
2026-04-21 06:32:11 +00:00
..
cmd/server fix(go): replace $1 literal with resp.Body.Close() in 7 files (#1247) 2026-04-21 03:18:21 +00:00
internal fix(security): CWE-22 path traversal in copyFilesToContainer and deleteViaEphemeral 2026-04-21 06:32:11 +00:00
migrations fix(F1089): log panic-recovery UPDATE errors in scheduler (#1233) 2026-04-21 02:45:25 +00:00
pkg/provisionhook fix(docker): fix plugin go.mod replace for TokenProvider interface (#960) 2026-04-20 13:42:53 -07:00
.gitignore feat(ws-server): pull env from CP on startup 2026-04-19 02:41:15 -07:00
Dockerfile fix(security): add USER directive before ENTRYPOINT in all tenant images (#1155) 2026-04-20 23:51:33 +00:00
Dockerfile.tenant fix(security): add USER directive before ENTRYPOINT in all tenant images (#1155) 2026-04-20 23:51:33 +00:00
entrypoint-tenant.sh fix(security): add USER directive before ENTRYPOINT in all tenant images (#1155) 2026-04-20 23:51:33 +00:00
go.mod chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
go.sum chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00