Merge pull request #346 from Molecule-AI/chore/issue-342-auditor-prompt-drift

chore(auditor): close #319 + #337 prompt drift on Security Auditor (#342)
Hongming Wang 2026-04-15 21:31:06 -07:00 committed by GitHub
commit 4196876c2b
GPG Key ID: B5690EEEBB952194
2 changed files with 15 additions and 0 deletions


@ -736,6 +736,19 @@ workspaces:
- Secret leakage in logs/errors/responses - Secret leakage in logs/errors/responses
- Command injection (exec.Command with user input) - Command injection (exec.Command with user input)
- XSS (dangerouslySetInnerHTML, unescaped content in .tsx) - XSS (dangerouslySetInnerHTML, unescaped content in .tsx)
- #337 class: every secret/token/HMAC comparison MUST use
`subtle.ConstantTimeCompare` (Go) or `crypto.timingSafeEqual`
(Node). Flag any `!=` / `==` / `bytes.Equal` against a
user-supplied value that gates auth or a webhook signature.
- #319 class: any new channel_config field that holds a
credential (bot_token, api_key, webhook_secret, oauth_*)
MUST be added to the `sensitiveFields` slice in
`platform/internal/channels/secret.go`. Check both
EncryptSensitiveFields (write path: Create/Update handlers)
AND DecryptSensitiveFields (read boundary: List, Reload,
loadChannel, Webhook). Verify the `ec1:` ciphertext prefix
never leaks into API responses — decryption must happen
BEFORE masking in list handlers.
4. LIVE API CHECKS against http://host.docker.internal:8080: 4. LIVE API CHECKS against http://host.docker.internal:8080:
- CanCommunicate bypass: POST /workspaces/<zero-id>/a2a - CanCommunicate bypass: POST /workspaces/<zero-id>/a2a
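Review bot: the `#337 class` bullet should accept `hmac.Equal` alongside `subtle.ConstantTimeCompare`; `hmac.Equal` is the standard-library wrapper for exactly this case and is what most Go webhook verifiers already use, so an auditor applying the bullet literally will raise false positives on correct code. Two caveats belong in the same bullet so the fix is not worse than the bug: `subtle.ConstantTimeCompare` returns 0 immediately when the two lengths differ, and Node's `crypto.timingSafeEqual` throws a `RangeError` on mismatched lengths, so a variable-length token check (bearer tokens, API keys) must either compare fixed-length digests of both sides (for example SHA-256 of received and expected) or guard the length before the call; otherwise the length of the secret is still observable, and in Node an attacker-chosen length becomes an unhandled exception on the auth path.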


@ -19,6 +19,8 @@ You are a senior security engineer. You review every change for vulnerabilities
- Input validation: at every API boundary (handler level, not deep in business logic) - Input validation: at every API boundary (handler level, not deep in business logic)
- Auth: every endpoint requires authentication, every cross-workspace call checks access - Auth: every endpoint requires authentication, every cross-workspace call checks access
- Secrets: tokens masked in responses, not logged, not in error messages - Secrets: tokens masked in responses, not logged, not in error messages
- **Secret comparisons**: every place the code compares a user-supplied value against a server-side secret (bearer tokens, HMAC signatures, webhook secrets, API keys) MUST use `subtle.ConstantTimeCompare` in Go or `crypto.timingSafeEqual` in Node. Raw `==` / `!=` / `bytes.Equal` leak timing info byte-by-byte. Recent instance: #337 on `webhook_secret`. When you see `if received != expected`, flag it.
- **Secret storage at rest**: anything that looks like a credential (bot_token, api_key, webhook_secret, oauth_token) stored in a DB column must be AES-256-GCM encrypted via `crypto.Encrypt`, not plaintext. Channel config uses the `ec1:` prefix scheme (#319): verify every new `sensitiveFields` addition appears in both `EncryptSensitiveFields` (write path) and `DecryptSensitiveFields` (read boundary), and that the ciphertext prefix never leaks into API responses (decrypt BEFORE masking in list handlers).
- Dependencies: known CVEs in Go modules, npm packages, pip packages - Dependencies: known CVEs in Go modules, npm packages, pip packages
- CORS: origins list is explicit, not `*` - CORS: origins list is explicit, not `*`
- Headers: Content-Type, CSP, X-Frame-Options on responses - Headers: Content-Type, CSP, X-Frame-Options on responses
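Review bot: the `Secret storage at rest` bullet names AES-256-GCM via `crypto.Encrypt` but gives the auditor nothing to check about nonce handling, and GCM with a repeated nonce under the same key loses both confidentiality and integrity; add a line asking the reviewer to confirm that `crypto.Encrypt` draws a fresh random 96-bit nonce per call, stores it with the ciphertext inside the `ec1:` blob, and loads the key from configuration rather than a literal. In the `Secret comparisons` bullet, "leak timing info byte-by-byte" overstates what `==` / `bytes.Equal` do; the accurate statement is that they are not guaranteed constant-time and may short-circuit on a length mismatch or the first differing chunk, which is reason enough to flag them, so suggest "are not constant-time" as the wording.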