Hongming Wang 6fd13ff037 fix(security): #226 — gate POST /workspaces template/runtime against traversal ... Closes #226 MEDIUM. WorkspaceHandler.Create joined payload.Template directly into filepath.Join(configsDir, template) without validating it stayed inside configsDir. An attacker posting Template="../../etc" would have the provisioner walk and mount arbitrary host directories into the workspace container. Same fix as #103 (POST /org/import): use the existing resolveInsideRoot helper to reject absolute paths and any ".." that escapes the root. Applied at both call sites in workspace.go: 1. Synchronous runtime detection before DB insert — 400 on bad input 2. Async provisioning goroutine — early return, logs the rejection (belt-and-suspenders; the create path already blocks) No test added inline because the existing resolveInsideRoot suite (org_path_test.go) already covers absolute / traversal / prefix-sibling / empty-path / deep-subpath cases. A duplicate test for the workspace handler wouldn't add signal. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>		2026-04-15 12:00:26 -07:00
..
cmd	fix(platform): panic-recovering supervisor for every background goroutine (#92)	2026-04-14 20:34:18 -07:00
internal	fix(security): #226 — gate POST /workspaces template/runtime against traversal	2026-04-15 12:00:26 -07:00
migrations	fix(schedules): backfill legacy rows to 'template' + extract import SQL const	2026-04-14 14:30:22 -07:00
Dockerfile	initial commit — Molecule AI platform	2026-04-13 11:55:37 -07:00
go.mod	initial commit — Molecule AI platform	2026-04-13 11:55:37 -07:00
go.sum	initial commit — Molecule AI platform	2026-04-13 11:55:37 -07:00