[CRITICAL] CWE-78 regression: expandWithEnv os.Getenv fallback in org_helpers.go #1060
Closed
opened 2026-05-14 19:51:17 +00:00 by core-be
·
3 comments
No Branch/Tag Specified
main
fix/staging-offsec010-cp-wiring
fix/handlers-instructions-test-bugs
test/delegate-record-db-errors
infra-sre/fix-platform-go-test
staging
fix/ci-allrequired-needs
fix/staging-goasync-configseed
fix/issue-1080-org-helpers-comment
fix/issue-1081-errors-import
fix/1080-org-helpers-comment-typo
infra-sre/fix-missing-test-imports
fix/offsec-010-wiring
fix/saas-t4-cp-config-seed
fix/offsec-010-clean
fix/offsec-003-boundary-wrapping
fix/push-notifications
fix/offsec-003-escaped-markers-main
fix/mobile-chat-history
fix/staging-CWE-78-rows-err
fix/1062-mobilechat-history
hotfix/cwe-78-staging
fix/stdio-v2
fix/stdio-clean
fix/offsec-010-symlink-walkdir
fix/test-stdio-function-name
fix/offsec-010-symlink-walkdir-isSaaS-fix
sre/fix-stale-platform-server-port
fix/offsec-010-from-pr1047
staging-v6
fix/e2e-api-port-collision
fix/main-async-db-race
fix/secrets-rows-err-check
infra/sync-staging-v6-to-main
pr/1030
fix/handlers-instructions-test-compile
fix/instructions-test-compile
fix/openclaw-empty-required-keys
sre/main-rows-err-checks
fix/staging-v6-conflict-markers
fix/delegation-list-test-conflict-marker
fix/main-red-cdb0b040-ci-tests
fix/theme-toggle-selector-main-red
sre/ci-required-drift-canvas-reminder-skip
test/instructions-handler-coverage
sre/canvas-build-timeout
test/externalconnectmodal
fix/resolve-conflict-marker-delegation-list-test
fix/1008-themetoggle-css-selector
design/826-searchdialog-mount-v2
test/orgcancelbutton
fix/2088-themetoggle-queryselectorall-errors
design/704-tree-test-fix
fix/ci-required-drift-github-ref-skip
ci/975-db-pollution-fix
fix/968-remove-duplicate-test-declarations
fix/980-schedules-handler-test-coverage
design/tier-legend-contrast-2026-05-14
sre/platform-go-timeout-fix
fix/delegation-list-test-db-leak
fix/984-delegation-id-response-body
sre/queue-bot-fix-ctx-check
fix/983-remove-duplicate-test-declarations
fix/986-canvas-wcag-focus-rings
fix/993-agent-handler-test-coverage
design/wcag-focus-contrast-2026-05-14
design/wcag-focus-rings-round5-2026-05-14
fix/activity-logs-delegation-id-response-body
fix/982-expand-posix-identifier-guard
fix/test-offsec003-redundant-file
feat/976-schedules-handler-test-coverage
fix/org-helpers-test-panic
promote/main-to-staging-v5
fix/965-test-panic-resolveInsideRoot
promote/main-to-staging-v4
feat/delegation-list-tests
fix/test-a2a-sanitization-v3
promote/main-to-staging-v3
fix/duplicate-test-declarations
feat/org-helpers-security-tests
fix/main-push-operational-red
promote/main-to-staging-v2
fix-sop-concurrency-v2
fix/sop-checklist-gate-name
fix/docker-info-pipefail
fix/publish-healthcheck-pipefail
fix/sop-checklist-workflow-rename
promote/main-to-staging
sre/fix-sop-checklist-context-name-mc948
design/wcag-contrast-round4-2026-05-14
fix/org-helper-tests
fix/test-a2a-sanitization-main
fix/publish-image-on-every-main-push
fix/remove-canvas-reminder-from-all-required
fix/staging-integration-test-ctx
fix/staging-canvas-reminder-deadlock
design/wcag-a11y-round3-2026-05-14
ci/remove-canvas-reminder-from-all-required
fix/test-a2a-sanitization-assertions
fix/staging-ci-drift-canvas-reminder
fix/handlers-pg-integ-event-before
ci/platform-build-flip-coe
fix/staging-python-test-and-tier-check-lint
fix/offsec-006-slug-injection
runtime/fix-pr916-integration-test-ctx
design/chat-tab-wcag-contrast-2026-05-14
fix/offsec-006-slug-validation
design/wcag-contrast-fixes-2026-05-14
fix/904-handler-test-blockers
fix/ci-drift-canvas-reminder
fix/comment-trigger-storm
infra/660-codify-promote-tenant-image
fix/917-canvas-test-failures
fix/917-runtime-prbuild-detect-changes-fix
fix/filesTab-test-stale-reference
fix/files-tab-test-missing-helper
fix/runtime-prbuild-compat-detect-changes
fix/staging-test-compilation-fixes
fix/qa-review-token-fallback-v2
test/hydrate-canvas-coverage
fix/contextmenu-react-error-185
test/external-runtimes-coverage
fix/main-sqlmock-import-ineffassign-20260513
fix/redeploy-tenants-on-main-lint-cleanup
sre/docker-daemon-gate-fix
fix/897-listdelegations-use-ledger-table
fix/901-listdelegations-ledger-table
fix/core-main-handlers-hotfix
fix/e2e-api-platform-port
fix/main-green-monitor-status
fix/mobile-MobileChat-infinite-render
fix/delegations-ledger-fallback-rows-err
fix/874-extractmessagetext-clean
feat/881-untested-helpers
fix/874-extractmessagetext-bug
fix/status-reaper-api-timeout-retry-20260513130514
fix/831-admin-token-placeholder-bootstrap
feat/canvas-test-coverage-738
feat/files-tab-tree-coverage
feat/canvas-untested-components-coverage
feat/canvas-tab-test-coverage-2
fix/main-bundle-test-sqlmock-import
fix/stdio-fallback-all-environments
staging-sync-v3
ci/burn-in-remove-sop-tier-check-coe
fix/issue-860-delivery-mode-tests
design/approval-banner-emerald-fix
fix/issue-854-termsgate-a11y
fix/issue-859-wcag-contrast
fix/delegations-rows-err-bbc40cb8
design/approvalbanner-a11y
design/pricingtable-a11y
design/toolbar-help-toggle-fix
staging-sync-v2
fix/canvas-approvalbanner-a11y
feat/canvas-external-connect-modal-coverage
staging-sync-rm
fix/test-sanitize-agent-error-stderr
test/a2a-queue-extractExpiresInSeconds
fix/pr-829-test-issues
design/826-searchdialog-mount
fix/chat-createMessage-attachments-key
fix/762-recall-memory-canary
fix/367-a2a-tools-coverage-v2
feat/search-dialog-mount
feat/org-layout-test-coverage
fix/offsec-003-builtin-a2a-sanitize
fix/canvas-playwright-install-timeout
fix/805-audit-force-merge-main-required-checks
fix/cf-sweep-api-error
fix/e2e-diagnose-detail
fix/a2a-mcp-server-http-transport
fix/core-main-red-golangci-install
fix/test-declarations
fix/sop-checklist-body-hard-gate
merge-792
feat/mcp-tools-test-coverage
feat/workspace-crud-test-coverage
feat/socket-handler-test-coverage
fix/686-delegation-integration-tests
feat/a2a-proxy-helpers-test-coverage
fix/publish-canvas-disable-gha-cache-20260512
fix/publish-canvas-docker-probe-20260512
fix/canvas-image-ecr-20260512
fix/687-send-ssh-public-key-detail
feat/tier-2g-required-context-exists-in-bp
feat/tier-2f-bp-emit-match
fix/mc-664-class-2-mcp-offsec-contract-test
fix/main-ci-green-20260512
infra/dockerfile-add-docker-cli-for-local-build
test/workspace-crud-helpers-coverage
fix/681-recallmemory-offsec-contract
fix/org-layout-helpers-test-coverage
fix/735-extractResponseText-tests
test/713-workspace-crud-validators
test/713-org-helpers-pure-coverage
fix/713-eic-diagnose-detail
fix/730-filterpeers-nil-guard
infra/all-required-coe-false-v2
fix/phase3-tracker-comments
fix/mc-664-class-1-delegation-tests-postgres-integration
fix/canvas-keyboard-shortcuts-dialog-guard
infra/664-lint-coe-trackers
ci/lint-tracker-regex-fix-v2
fix/731-nil-guard-filter-peers-by-query
fix/lint-TRACKER_RE-mid-sentence
ci-retrigger-747
feat/709-handler-pure-coverage
fix/697-canvas-geticon-topology
ci/lint-tracker-regex-fix
test/2071-canvas-drop-target-badge-coverage
feat/2071-canvas-orgdeploystate-coverage
feat/mobile-canvas-comms-spawn-coverage
ci/lint-coe-self-fix
feat/mobile-tabbar-a11y
fix/ssm-refresh-ecr-auth-json-escaping
design/729-fix
ci/gate-check-v3-permissions-fix
fix/730-discovery-filter-nil-role
infra/publish-docker-daemon-diagnostic
fix/714-all-required-coe-false
fix/717-mobile-agentMessages-selector
infra/fix-all-required-status-reporting
fix/687-e2e-surface-diagnose-detail
infra/docker-runner-label
test/701-canvas-hydrate-coverage
test/mobile-primitives-coverage
infra/664-interim-platform-build-exempt
fix/693-offsec-recallmemory-scrub-staging
sync/main-to-staging-514-v2
fix/693-offsec-recallmemory-global-scrub
fix/693-offsec-recallmemory-scrub
fix/634-handler-test-fixes-to-main
test/699-socket-handler-coverage
sre/workflow-run-replacement
infra/676-ssm-auth-json-hardening
fix/offsec-001-method-scrub-hotfix
fix/offsec-001-method-scrub-main
feat/workspace-crud-validation-tests
test/canvas-hydrate-coverage
infra/lint-pre-flip-continue-on-error
fix/workflow_run-to-push-gitea-1.22.6
feat/tier-2e-tracking-issue
fix/684-offsec-scrub-method-default
feat/sop-checklist-gate-mvp
feat/tier-2d-lint-mask-pr-atomicity
infra/lint-workflow-yaml-hostile-shapes
infra/lint-required-no-paths-filter
cleanup/pr-641-clean
feat/mobile-tabbar-wcag-a11y
fix/canvas-mobile-chat-loop
fix/651-canvas-chat-mobile-crash
fix/664-interim-remask-platform-build
fix/mobile-chat-max-update-depth
infra/622-force-merge-protection-fix
test/attachment-lightbox-clean-v2
ci/652-gitea-1-22-status-key
test/memorytab-2
infra/status-reaper-rev4-status-key-fix
infra/weekly-platform-go-vet-hard
fix/audit-force-merge-pipefail
infra/status-reaper-rev3-widen-window
test/canvas-externalconnectmodal-coverage
fix/sop-tier-check-token-graceful
infra/ci-required-drift-token-scope
test/console-modal-coverage
ci/review-check-tests-wire
test/canvas-workspacenode-coverage
test/memorytab
infra/interim-disable-reaper-watchdog-crons
test/attachment-lightbox-coverage
fix/issue-639-workspacenode-test-coverage
test/channels-tab
fix/canvas-searchdialog-test-fixtures
fix/598-attachmentLightbox-tests
fix/529-307-localbuild-async-test-fix
fix/582-attachmentviews-tests
fix/308-a2a-response-push-mode-tests
fix/529-preflight-localbuild
fix/sop-tier-check-token-graceful-staging
fix/545-approvalbanner-isolation
fix/519-memorytab-tests
infra/status-reaper-rev2-sweep-recent-commits
fix/handlers-test-fixtures
test/skill-helpers-coverage
test/ui-primitive-coverage
docs/gitea-quirks-10-11
test/platform-bundle-exporter-coverage
infra/status-reaper-rev1-drop-concurrency
fix/608-filesTab-focusTest
test/budget-section-coverage
infra/revert-docker-runner-label
fix/weekly-platform-go-latent-error-surface
infra/revert-publish-runs-on-pin
sre/gate-check-timeout
test/a2a-error-hint-coverage
test/chat-attachment-views-coverage
test/attachment-video-coverage
infra/option-b-status-reaper
infra/gate-check-v3-timeout
infra/576-docker-runner-label
fix/593-filetab-tests
test/files-tab-notavailablepanel-coverage
fix/591-forminputs-tests
fix/471-cwe117-stderr-scrubbing
infra/diagnostic-publish-workspace-server-image
fix/582-bundle-import-tests
test/form-inputs-coverage
fix/publish-workspace-server-image-json5-comments
sre/fix-all-required-null-result
fix/publish-workspace-server-image-optional-token
pr-251
test/ui-statusbadge-coverage
fix/all-required-null-result-assertion
fix/568-palette-context-tests
pr-527
infra/merge-563-autobump-fix
test/mobile-palette-context-coverage
sre/fix-gate-check-v3-combined-state-loop
ci/540-review-check-bats-tests
fix/publish-runtime-autobump-push-condition
ci/558-verify-publish-runtime-marker
test/canvas-empty-state-coverage
infra/publish-runtime-verify-2026-05-11
ci/554-oci-labels-publish-workflow
infra/drift-bot-token
infra/rfc-219-phase-4-all-required-sentinel
ci/551-gate-checkout-trusted-ref
fix/gate-check-v3-pr-HEAD-security
fix/541-token-argv-security
sre/fix-gate-check-v3-bugs
fix/537-cwe117-a2a-tools-sanitize
fix/gate-check-v3-http-error-crash
sre/fix-localbuild-preflight
infra/rfc-324-workflow-add
test/offsec-003-sanitization-backstop
fix/test-sanitize-agent-error-stderr-exc
fix/approval-banner-test-isolation
infra/scope-workflows-fix
sre/fix-pr530-deadlock
sre/reopen-516-gate-check-fix
fix/ci-scope-operational-workflows-504-419
sre/scope-operational-workflows-to-schedule
ci/harness-replays-detect-changes-quoting-fix
fix/test-blocks-until-inflight-completes
fix/test-enrich-peer-metadata-nonblocking
sre/fix-enrich-nonblocking-cache-check
merge-pr490
runtime/fix-offsec-003-tool-delegate-task
fix/508-update-boundary-assertions
sre/fix-test-delegation-sync-polling-assertions
fix/366-shared-runtime-coverage
fix/506-unused-imports
ci/lint-fixes
fix/367-a2a-tools-coverage
test/a2a-client-enrich-peer-rebase
fix/354-delegation-auto-resume-rebase
ci/fix-detect-changes-commits-array
fix/307-async-rebase
runtime/fix-harness-replays-push-event
sre/fix-test-polling-sanitization
fix/harness-replays-detect-changes-gitea-api
ci/fix-test-polling-sanitization
test/eventstab
runtime/335-rebase-platfrom-url
hotfix/491-offsec-003-staging-v2
fix/pr477-test-fixes
runtime/335-rebase-platform-url
fix/354-auto-resume-delegations
fix/368-audit-hooks-coverage
runtime/temporal-platform-url-fix
infra/secret-reconciliation-v2
fix/purchase-success-modal-test-isolation
pr-476
sre/fix-gitea-runbook-network-quirks
tools/gate-check-v3
fix/376-activity-delegation-polling
runtime/platform-url-fix-merge
fix/canvas-purchase-success-modal-test-timing
fix/secret-naming-reconciliation
docs/gitea-operational-quirks-runbook
test/canvas-toolbar-coverage
fix/canvas-tier-config-v2
fix/455-offsec003-sanitize-alignment
fix/sweep-stale-e2e-orgs-secret-name
fix/approvalbanner-mockreset-452
fix/canvas-approvalbanner-mockreset
fix/publish-runtime-autobump-fetch-depth
fix/321-cwe22-loadWorkspaceEnv-path-traversal
fix/canonicalize-staging-admin-token-rebase-462
canvas-followup
fix/canonicalize-staging-admin-token-rest
refactor/drop-canary-prefix
fix/canvas-test-and-design-fixes
runtime/432-followup-helper-extraction
fix/harness-replays-detect-changes-fetch-depth
fix/stderr-include-a2a-error-response
feat/internal-292-sop-tier-refire
docs/update-remote-agent-tutorial-sdk-api
fix/canvas-confirm-dialog-backdrop-a11y-v3
fix/canvas-confirm-dialog-backdrop-a11y-v2
fix/388-github-token-501-gitea-staging
fix/dialog-backdrop-a11y
runtime/414-idle-loop-skip-pending-results-v3
fix/test-extract-tool-trace
fix/test-plugins-atomic-tar-coverage
fix/harness-replays-fetch-depth
fix/test-instructions-handler-coverage
sre/fix-workflow-secret-naming
fix/canvas-tiers-config-string-keys
fix/offsec-003-promote-to-main
fix/class-e-secret-name-reconciliation
fix/sop-tier-check-apt-get-first
fix/307-async-test-pollution
fix/sop-tier-check-jq-install-order
fix/canvas-test-failures-2026-05-10
runtime/fix-a2a-tools-duplicate-error-block-v2
infra/sop-tier-check-jq-install-fix
runtime/fix-a2a-push-delivery-mode
feat/main-never-red-watchdog-internal-420
feat/internal-219-phase-2bc-port-to-molecule-core
fix/a11y-canvas-clean
sweep/internal-219-cat-C1-port-gates-lints
sweep/internal-219-cat-B-delete-github-only
sweep/internal-219-cat-A-delete-mirrored
fix/offsec-003-json-endpoint-sanitize
sweep/internal-219-cat-C3-port-deploy-janitors
sweep/internal-219-cat-C2-port-e2e
fix/publish-runtime-cascade-sha-capture
feat/internal-219-phase-3-port-ci-yml
fix/413-a2a-delegation-offsec-003
runtime/381-idle-loop-pending-messages
fix/delegations-rows-err-check
fix/a11y-canvas-buttons-staging
runtime/fix-399-a2a-delegation-missing-import-v2
fix/380-cwe59-symlink-traversal
fix/388-github-token-501-staging
fix/confirm-dialog-wcag-backdrop
infra/sop-tier-check-jq-script-fallback
fix/revert-391-broken-jq-install
fix/a2a-tools-duplicate-dead-code
fix/confirm-dialog-backdrop
fix/canvas-confirm-dialog-backdrop-a11y
infra/jq-install-main
fix/sop-tier-check-jq-main
fix/canvas-dialog-backdrop-a11y
fix/388-github-token-501
runtime/offsec-003-polling-path-v2
fix/361-sanitize-delegation-results
runtime/offsec-003-executor-sanitize
fix/cwe22-loadWorkspaceEnv-main
fix/qa-audit-307-308-clean
ci/fix-293-sqlalchemy-pip-install
fix/354-delegation-auto-resume
runtime/platform-url-host-docker-internal
fix/canvas-repair-tests-344
fix/canvas-statusdot-ts-errors
test/molecule-audit-hooks-coverage
test/a2a-tools-and-send-message-coverage
fix/sop-tier-check-jq-install
test/shared-runtime-helpers-coverage
fix/canvas-topology-sort-orphan
fix/executor-helpers-offsec-003-sanitize
runtime/offsec-003-polling-path
fix/354-a2a-delegation-auto-resume
runtime/fix-a2a-push-delivery-mode-v2
fix/publish-runtime-add-_sanitize_a2a-to-allowlist
fix/publish-runtime-missing-working-directory
ci/add-sqlalchemy-to-pip-install
ci-resolve-github-gitea-triplicate
sre/offsec-003-boundary-escape
fix/sec-321-path-traversal-clean
fix/a2a-proxy-response-header-timeout-v2
fix/publish-runtime-workflow-dispatch-inputs
fix/a2a-push-mode-queue-envelope
fix/351-split-publish-runtime-triggers
feat/348-publish-runtime-restore-path-trigger
fix/issue-workspace-dup-name-409-autosuffix
fix/security-OFFSEC003-boundary-escape-334
fix/security-CWE22-loadWorkspaceEnv-330
fix/canvas-test-fixes-20260510
fix/canvas-extractMessageText
fix/qa-307-async-pollution-direct
test/a2a-client-enrich-peer-metadata
fix/docs-309-remote-faq-staging-env
fix/qa-308-push-mode-queue-tests
fix/qa-307-async-pollution
runtime/fix-plugin-registry-import-path
fix/a2a-proxy-response-header-timeout-clean
fix/publish-workspace-server-ci-clone-manifest-retry-main
infra/remove-pr303-tracking
fix/issue-296-plugin-registry-sysmodules
infra/pin-compose-image-digests
chore/sync-main-to-staging
fix/sec-321-path-traversal
fix/a2a-proxy-response-header-timeout
docs/a11y-billing-wcag-patterns
fix/qa-307-test-a2a-inbox-wrappers-asyncio-refactor
runtime/fix-test-config-model-isolation
ci/docker-daemon-health-guard
docs/fix-remote-workspaces-faq
fix/publish-workspace-server-ci-clone-manifest-retry
fix/test-config-env-isolation
ci/staging-sha-pinning
fix/external-connection-user-facing-urls
fix/workspace-server-registry-config-helper
fix/issue-272-sqlalchemy-ci-install
fix/canvas-yaml-utils-nested-arrays-clean
fix/self-delegation-guard
promote/staging-to-main-100546
fix/a2a-tools-v2
fix/a2a-tools-and-workflow-cleanup
fix/canvas-test-isolation-fixes-v2
fix/molecule-model-env-go
runtime/fix-delegate-empty-parts-regression
infra/runtime-doc-playwright-limitation
fix/offsec-001-error-message-scrubbing
fix/offsec-001
fix/a2a-tools-string-error-handling-clean
fix/core-248-pluginresolver-and-plgh
infra/fix-source-resolver-dup
fix/model-provider-misnomer
fix/a2a-tools-string-error-handling-v2
fix/canvas-yaml-utils-test-failure
fix/a2a-tools-string-error-handling
fix/internal-214-gosum-vanity-import
fix/canvas-test-isolation-fixes
chore/canvas-statusbadge-test-fix-cherry-pick
fix/canvas-statusbadge-test-role-ambiguity
runtime/fix-mcp-client-localhost-default
fix/core-257-delegation-test-stray-brace
revert/core-d0126662-restart-signals-undefined-h
revert/core-123-plugin-drift-detector
ci/pin-action-and-base-images
fix/org-232-per-workspace-required-env-preflight
fix/ssrf-guard-before-begintx
test/issue-232-per-workspace-required-env-preflight
fix/issue232-org-import-required-env-aggregation
fix/canvas-ts-test-errors
fix/delegations-list-ledger-fallback
wip-snapshot-2026-05-10/mac/molecule-core-tmp53-git-token-helper-wip
wip-snapshot-2026-05-10/mac/molecules-org-molecule-core-registry-prefix
fix/pluginresolver-conflict
wip-snapshot-2026-05-10/core-be/fix-pluginresolver-conflict
wip-snapshot-2026-05-10/core-qa/stash-package-lock-diff
feat/keyboard-shortcuts-dialog
wip-snapshot-2026-05-10/core-uiux/feat-keyboard-shortcuts-dialog
wip-snapshot-2026-05-10/core-fe/test-canvas-design-tokens-config
test/canvas-cssvar-tests
fix/internal-229-sop-tier-check-tier-low-relaxation
test/canvas-utility-pure-tests
test/canvas-preflight-utils-tests
test/canvas-runtimeprofiles-tests
test/canvas-yaml-utils-tests
test/canvas-pure-function-tests
fix/ci-port-publish-workspace-server-image-228
fix/ssrf-validate-agent-url-212
ci/sop-tier-check-approver-teams-fix
fix/sop-tier-check-legacy-flip-229
wip-snapshot-2026-05-10/core-be/fix-ki001-telegram-disable-channel
wip-snapshot-2026-05-10/core-be/feat-a2a-pre-restart-drain-125
wip-snapshot-2026-05-10/core-be/feat-plugin-drift-queue-123
fix/sweeper-race-error-counter
infra/fix-issue-75-gh-cli-gitea-sweep
wip-snapshot-2026-05-10/core-be/fix-gh-api-gitea-sweep-75
feat/keyboard-shortcuts-dialog-test
wip-snapshot-2026-05-10/core-be/fix-sweeper-test-isolation-86
ci/fix-issue-87-root-skip
fix/test-local-resolver-root-skip
fix/workspace-tests-clear-auth-cache
wip-snapshot-2026-05-10/core-be/fix-a2a-delegation-success-rendered-as-error
wip-snapshot-2026-05-10/core-be/fix-files-restart-volume-sync
wip-snapshot-2026-05-10/core-lead/tech-debt-rename-net
wip-snapshot-2026-05-10/core-lead/fix-168-mine
wip-snapshot-2026-05-10/core-lead/fix-167-uiux
wip-snapshot-2026-05-10/core-fe/stash-canvas-agent-comms-show-task-text
fix/canvas-agent-comms-show-task-text
wip-snapshot-2026-05-10/core-lead/fix-vitest-pool
fix/info-disclosure-errors
infra/add-temporal-to-main-compose
design/verify-canvas-design-system
fix/workspace-persona-git-identity
fix/175-env-matched-pair-guard
wip-snapshot-2026-05-10/core-lead/fix-149
refactor/sop-tier-check-extract-script
fix/sop-tier-check-pr-target-security
ci/sop-tier-check-deploy
fix/issue53-admin-token-pair-guard
fix/org-import-started-event-name
refactor/delete-uses-cascade-helper
fix/org-import-reconcile-and-audit
fix/preserve-model-secret-on-restart
feat/persona-bind-mount-local-dev
feat/canary-tier-filter
feat/plugin-version-subscription
feat/plugin-hot-reload-classifier
feat/plugin-atomic-install
feat/air-hot-reload-dev
feat/persona-env-injection
fix/external-resolver-hardening
fix/issue75-class-D-gh-api-to-gitea-rest
fix/cherry-3-files-vitest-postgres-e2eapi
fix/promote-vitest-postgres-fixes
fix/saas-plugin-install-eic
fix/issue-94-e2e-api-parallel-safe-class-b
migrate/issue-71-vanity-imports
fix/handlers-postgres-port-collision-class-b
fix/issue-96-canvas-vitest-cold-start-timeout
fix/hermes-agent-doc-gitea-migration
fix/196-retarget-main-to-staging-gitea-rest
fix/gitea-ci-flakes-issue-88
fix/pin-upload-artifact-v3-gitea
fix/issue-72-auto-sync-token-canary-v2
fix/issue75-class-F-gh-run-list-to-statuses
fix/issue75-class-A-gh-pr-to-gitea-rest
feat/issue-63-local-build-from-gitea-v2
fix/195-auto-promote-staging-gitea-rest
fix/144-branch-protection-check-name-parity-audit
fix/harness-replays-pre-clone-manifest
chore/trigger-auto-sync-verification
fix/codeql-stub-on-gitea-156
chore/issue173-retrigger-after-ecr-repo-create
fix/issue173-inline-aws-ecr-login
fix/issue173-shell-docker-push
chore/retrigger-harness-replays-post-class-g
fix/issue173-buildx-driver-and-cache
fix/post-suspension-clone-manifest
fix/issue173-followup-platform-dockerfile
fix/post-suspension-github-urls
fix/170-goroutine-bleed-test-isolation
fix/issue173-publish-workspace-server-image
fix/issue36-a2a-proxy-preflight
fix/codeql-continue-on-error-156
feat/demo-mock-3-bigorg-mock-runtime
feat/demo-mock-1-purchase-success-modal
fix/publish-path-filter-add-scripts
fix/clone-manifest-gitea
chore/touch-publish-workflow-to-trigger
chore/retrigger-publish-post-aws-secrets
chore/cherry-pick-pr23-into-main
chore/backsync-main-into-staging-task-166
fix/auto-sync-use-devops-token
chore/retrigger-staging-on-fixed-runner-image
chore/drop-github-app-auth-and-ecr-swap
docs/readme-comprehensive-refresh-2026-05-06
feat/rfc-2945-pr-c-2-canvas-chat-history
fix/issue10-runtime-aware-plugin-install
fix/s8-bind-loopback-dev
fix/14-cascade-gitea-dispatch
docs/molecule-core-bulk-sed
chore/pin-artifact-actions-v3
fix/lowercase-org-slug
fix/script-ghcr-and-lint-paths
docs/workspace-runtime-readme-source-edit
feat/eic-tunnel-pool-core-11
chore/rfc-2945-pr-c-3-delete-historyhydration
fix/2872-sqlmock-regex-tightening
fix/cp-orphan-sweeper-2989
feat/registry-prefix-env-driven-issue-6
docs/readme-refresh-2026-05-06
runtime-v0.1.1000
runtime-v0.1.131
runtime-v0.1.130
runtime-v1.0.0
runtime-v0.0.35
runtime-v0.0.34
runtime-v0.0.33
runtime-v0.0.32
runtime-v0.0.31
runtime-v0.0.30
runtime-v0.0.29
runtime-v0.0.28
runtime-v0.0.27
runtime-v0.0.26
runtime-v0.0.25
runtime-v0.0.24
runtime-v0.0.23
runtime-v0.0.22
runtime-v0.0.21
runtime-v0.0.20
runtime-v0.0.19
runtime-v0.0.18
runtime-v0.0.17
runtime-v0.0.16
runtime-v0.0.15
runtime-v0.0.14
runtime-v0.0.13
runtime-v0.0.12
runtime-v0.0.11
runtime-v0.0.10
runtime-v0.0.9
runtime-v0.0.8
runtime-v0.0.7
runtime-v0.0.6
runtime-v0.0.5
runtime-v0.0.4
runtime-v0.0.3
runtime-v0.0.2
runtime-v0.0.1
ci-trigger-1776771586
ci-retry-1776771601
ci-retrigger-1776771591
Labels
Clear labels
Merge queue candidate
Merge queue candidate
Ready for serialized Gitea merge queue
Temporarily hold PR in merge queue
Blocks the staging→main promotion / a release
High risk per dev-sop §SOP-6 — ceo only, 24h cooldown
Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve
Medium risk per dev-sop §SOP-6 — managers/ceo can approve
test
merge-queue
Merge queue candidate
merge-queue
Merge queue candidate
merge-queue
Ready for serialized Gitea merge queue
merge-queue-hold
Temporarily hold PR in merge queue
release-blocker
Blocks the staging→main promotion / a release
release-test
security
test-label-sre
tier:high
High risk per dev-sop §SOP-6 — ceo only, 24h cooldown
tier:low
Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve
tier:medium
Medium risk per dev-sop §SOP-6 — managers/ceo can approve
triage-test
test
No Label
merge-queue
merge-queue
merge-queue
merge-queue-hold
release-blocker
release-test
security
test-label-sre
tier:high
tier:low
tier:medium
triage-test
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
3 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.
No due date set.
Dependencies
No dependencies set.
Reference: molecule-ai/molecule-core#1060
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
No description provided.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
CWE-78 regression in org_helpers.go. expandWithEnv falls back to os.Getenv for any partial key like $HOME/path. Reverses fix
a3a358f9. Fix: addif key != whole { return "$"+key }guard.FIXED in commit
b75fe864onfix/offsec-003-boundary-wrapping(PR #1055). Theos.Expand-based implementation was replaced with a custom parser that only falls back toos.Getenvwhen the variable reference IS the entire input string (ref == whole). Partial refs like$HOME/pathnow return the literal"$HOME". 14 regression tests added.Update: PR #1059 (fix/offsec-003-boundary-v2 → staging) also contains the CWE-78 regression. Its org_helpers.go diff replaces main's byte-parser (a3a358f9+19fce4d4) with
os.Expand+ POSIX-first-character guard — the same vulnerable pattern confirmed in PR #1055.Same CHANGES REQUESTED stamp posted on PR #1059 (comment id 25206). The
rows.Errfixes in secrets.go and the OFFSEC-003 boundary wrapping in Python are approved; the org_helpers.go change must be dropped.[triage-agent] Closing as NOT A REGRESSION.
Verified in current main HEAD (
8868cbe1a4):expandEnvRefinorg_helpers.goalready has theif ref == whole { return os.Getenv(key) }guard. The CWE-78 fix from PR #1041 is present and correct.$HOME/pathreturns the literal$HOME/path, not the expanded path.If there is a different code path with the vulnerability, please re-open with the specific file/line.