forked from molecule-ai/molecule-core
284fb26558
Closes #460, #461. **#460 — YAML injection via unquoted skill/prompt filenames** `generateDefaultConfig` extracted skill directory names and prompt file names from user-supplied `body.Files` keys and wrote them directly into YAML list items without quoting: cfg.WriteString(" - " + s + "\n") `validateRelPath` only blocks path traversal (`../`); it does NOT block YAML control characters including newlines. On Linux, filenames can contain newlines, so an attacker with any live workspace bearer token could submit: {"files": {"skills/legit\nruntime: malicious/SKILL.md": "# skill"}} The generated config.yaml would then contain `runtime: malicious` as a top-level YAML key, overriding the runtime for workspaces provisioned from the template. Fix: extract `yamlEscape` as a reusable local from the same `strings.NewReplacer` already used for the `name` field (#221) and apply it to both the `skills:` and `prompt_files:` list items, wrapping each in double-quotes. **#461 — Docker error details in ReplaceFiles 500 responses** `ReplaceFiles` returned `fmt.Sprintf("failed to write files: %v", err)` in two 500 paths, where `err` comes from Docker API calls and may include internal container names, volume names, and daemon error messages. Fix: log the full error server-side and return a static opaque string to the caller. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| cmd/server | ||
| internal | ||
| migrations | ||
| Dockerfile | ||
| Dockerfile.tenant | ||
| entrypoint-tenant.sh | ||
| go.mod | ||
| go.sum | ||