[CLOSED] superseded by PR #369 (CWE-22 main-targeted) #345
Closed
fullstack-engineer
wants to merge 1 commits from
fix/security-CWE22-loadWorkspaceEnv-330 into staging
pull from: fix/security-CWE22-loadWorkspaceEnv-330
merge into: molecule-ai:staging
molecule-ai:main
molecule-ai:fix/harness-replays-detect-changes-gitea-api
molecule-ai:runtime/temporal-platform-url-fix
molecule-ai:runtime/fix-offsec-003-tool-delegate-task
molecule-ai:test/externalconnectmodal
molecule-ai:infra/secret-reconciliation-v2
molecule-ai:staging
molecule-ai:fix/purchase-success-modal-test-isolation
molecule-ai:test/orgcancelbutton
molecule-ai:pr-476
molecule-ai:sre/fix-gitea-runbook-network-quirks
molecule-ai:tools/gate-check-v3
molecule-ai:fix/376-activity-delegation-polling
molecule-ai:runtime/platform-url-fix-merge
molecule-ai:fix/canvas-purchase-success-modal-test-timing
molecule-ai:test/canvas-workspacenode-coverage
molecule-ai:fix/secret-naming-reconciliation
molecule-ai:runtime/335-rebase-platfrom-url
molecule-ai:docs/gitea-operational-quirks-runbook
molecule-ai:test/canvas-toolbar-coverage
molecule-ai:fix/canvas-tier-config-v2
molecule-ai:fix/455-offsec003-sanitize-alignment
molecule-ai:fix/sweep-stale-e2e-orgs-secret-name
molecule-ai:fix/approvalbanner-mockreset-452
molecule-ai:fix/canvas-approvalbanner-mockreset
molecule-ai:fix/publish-runtime-autobump-fetch-depth
molecule-ai:fix/321-cwe22-loadWorkspaceEnv-path-traversal
molecule-ai:fix/canonicalize-staging-admin-token-rebase-462
molecule-ai:canvas-followup
molecule-ai:fix/canonicalize-staging-admin-token-rest
molecule-ai:refactor/drop-canary-prefix
molecule-ai:fix/canvas-test-and-design-fixes
molecule-ai:runtime/432-followup-helper-extraction
molecule-ai:fix/harness-replays-detect-changes-fetch-depth
molecule-ai:fix/stderr-include-a2a-error-response
molecule-ai:feat/internal-292-sop-tier-refire
molecule-ai:docs/update-remote-agent-tutorial-sdk-api
molecule-ai:fix/canvas-confirm-dialog-backdrop-a11y-v3
molecule-ai:fix/canvas-confirm-dialog-backdrop-a11y-v2
molecule-ai:fix/388-github-token-501-gitea-staging
molecule-ai:fix/dialog-backdrop-a11y
molecule-ai:runtime/414-idle-loop-skip-pending-results-v3
molecule-ai:fix/test-extract-tool-trace
molecule-ai:fix/test-plugins-atomic-tar-coverage
molecule-ai:fix/harness-replays-fetch-depth
molecule-ai:fix/test-instructions-handler-coverage
molecule-ai:sre/fix-workflow-secret-naming
molecule-ai:fix/canvas-tiers-config-string-keys
molecule-ai:fix/offsec-003-promote-to-main
molecule-ai:fix/class-e-secret-name-reconciliation
molecule-ai:fix/sop-tier-check-apt-get-first
molecule-ai:fix/307-async-test-pollution
molecule-ai:fix/sop-tier-check-jq-install-order
molecule-ai:fix/canvas-test-failures-2026-05-10
molecule-ai:runtime/fix-a2a-tools-duplicate-error-block-v2
molecule-ai:infra/sop-tier-check-jq-install-fix
molecule-ai:runtime/fix-a2a-push-delivery-mode
molecule-ai:feat/main-never-red-watchdog-internal-420
molecule-ai:feat/internal-219-phase-2bc-port-to-molecule-core
molecule-ai:fix/a11y-canvas-clean
molecule-ai:sweep/internal-219-cat-C1-port-gates-lints
molecule-ai:sweep/internal-219-cat-B-delete-github-only
molecule-ai:sweep/internal-219-cat-A-delete-mirrored
molecule-ai:fix/offsec-003-json-endpoint-sanitize
molecule-ai:sweep/internal-219-cat-C3-port-deploy-janitors
molecule-ai:sweep/internal-219-cat-C2-port-e2e
molecule-ai:fix/publish-runtime-cascade-sha-capture
molecule-ai:feat/internal-219-phase-3-port-ci-yml
molecule-ai:fix/413-a2a-delegation-offsec-003
molecule-ai:runtime/381-idle-loop-pending-messages
molecule-ai:fix/delegations-rows-err-check
molecule-ai:fix/a11y-canvas-buttons-staging
molecule-ai:runtime/fix-399-a2a-delegation-missing-import-v2
molecule-ai:fix/380-cwe59-symlink-traversal
molecule-ai:fix/388-github-token-501-staging
molecule-ai:fix/confirm-dialog-wcag-backdrop
molecule-ai:infra/sop-tier-check-jq-script-fallback
molecule-ai:fix/revert-391-broken-jq-install
molecule-ai:fix/a2a-tools-duplicate-dead-code
molecule-ai:fix/confirm-dialog-backdrop
molecule-ai:fix/canvas-confirm-dialog-backdrop-a11y
molecule-ai:infra/jq-install-main
molecule-ai:fix/sop-tier-check-jq-main
molecule-ai:fix/canvas-dialog-backdrop-a11y
molecule-ai:fix/388-github-token-501
molecule-ai:runtime/offsec-003-polling-path-v2
molecule-ai:fix/361-sanitize-delegation-results
molecule-ai:runtime/offsec-003-executor-sanitize
molecule-ai:fix/cwe22-loadWorkspaceEnv-main
molecule-ai:fix/qa-audit-307-308-clean
molecule-ai:ci/fix-293-sqlalchemy-pip-install
molecule-ai:fix/354-delegation-auto-resume
molecule-ai:runtime/platform-url-host-docker-internal
molecule-ai:fix/canvas-repair-tests-344
molecule-ai:fix/canvas-statusdot-ts-errors
molecule-ai:test/molecule-audit-hooks-coverage
molecule-ai:test/a2a-tools-and-send-message-coverage
molecule-ai:fix/sop-tier-check-jq-install
molecule-ai:test/shared-runtime-helpers-coverage
molecule-ai:fix/canvas-topology-sort-orphan
molecule-ai:fix/executor-helpers-offsec-003-sanitize
molecule-ai:runtime/offsec-003-polling-path
molecule-ai:fix/354-a2a-delegation-auto-resume
molecule-ai:runtime/fix-a2a-push-delivery-mode-v2
molecule-ai:fix/publish-runtime-add-_sanitize_a2a-to-allowlist
molecule-ai:fix/publish-runtime-missing-working-directory
molecule-ai:ci/add-sqlalchemy-to-pip-install
molecule-ai:ci-resolve-github-gitea-triplicate
molecule-ai:sre/offsec-003-boundary-escape
molecule-ai:fix/sec-321-path-traversal-clean
molecule-ai:fix/a2a-proxy-response-header-timeout-v2
molecule-ai:fix/publish-runtime-workflow-dispatch-inputs
molecule-ai:fix/a2a-push-mode-queue-envelope
molecule-ai:fix/351-split-publish-runtime-triggers
molecule-ai:feat/348-publish-runtime-restore-path-trigger
molecule-ai:fix/issue-workspace-dup-name-409-autosuffix
molecule-ai:fix/security-OFFSEC003-boundary-escape-334
molecule-ai:fix/canvas-test-fixes-20260510
molecule-ai:fix/canvas-extractMessageText
molecule-ai:fix/qa-307-async-pollution-direct
molecule-ai:test/a2a-client-enrich-peer-metadata
molecule-ai:fix/docs-309-remote-faq-staging-env
molecule-ai:fix/qa-308-push-mode-queue-tests
molecule-ai:fix/qa-307-async-pollution
molecule-ai:runtime/fix-plugin-registry-import-path
molecule-ai:fix/a2a-proxy-response-header-timeout-clean
molecule-ai:fix/publish-workspace-server-ci-clone-manifest-retry-main
molecule-ai:infra/remove-pr303-tracking
molecule-ai:fix/issue-296-plugin-registry-sysmodules
molecule-ai:infra/pin-compose-image-digests
molecule-ai:chore/sync-main-to-staging
molecule-ai:fix/sec-321-path-traversal
molecule-ai:fix/a2a-proxy-response-header-timeout
molecule-ai:docs/a11y-billing-wcag-patterns
molecule-ai:fix/qa-307-test-a2a-inbox-wrappers-asyncio-refactor
molecule-ai:runtime/fix-test-config-model-isolation
molecule-ai:ci/docker-daemon-health-guard
molecule-ai:docs/fix-remote-workspaces-faq
molecule-ai:fix/publish-workspace-server-ci-clone-manifest-retry
molecule-ai:fix/test-config-env-isolation
molecule-ai:ci/staging-sha-pinning
molecule-ai:fix/external-connection-user-facing-urls
molecule-ai:fix/workspace-server-registry-config-helper
molecule-ai:fix/issue-272-sqlalchemy-ci-install
molecule-ai:fix/canvas-yaml-utils-nested-arrays-clean
molecule-ai:fix/self-delegation-guard
molecule-ai:promote/staging-to-main-100546
molecule-ai:fix/a2a-tools-v2
molecule-ai:fix/a2a-tools-and-workflow-cleanup
molecule-ai:fix/canvas-test-isolation-fixes-v2
molecule-ai:fix/molecule-model-env-go
molecule-ai:runtime/fix-delegate-empty-parts-regression
molecule-ai:infra/runtime-doc-playwright-limitation
molecule-ai:fix/offsec-001-error-message-scrubbing
molecule-ai:fix/offsec-001
molecule-ai:fix/a2a-tools-string-error-handling-clean
molecule-ai:fix/core-248-pluginresolver-and-plgh
molecule-ai:infra/fix-source-resolver-dup
molecule-ai:fix/model-provider-misnomer
molecule-ai:fix/a2a-tools-string-error-handling-v2
molecule-ai:fix/canvas-yaml-utils-test-failure
molecule-ai:fix/a2a-tools-string-error-handling
molecule-ai:fix/internal-214-gosum-vanity-import
molecule-ai:fix/canvas-test-isolation-fixes
molecule-ai:chore/canvas-statusbadge-test-fix-cherry-pick
molecule-ai:fix/canvas-statusbadge-test-role-ambiguity
molecule-ai:runtime/fix-mcp-client-localhost-default
molecule-ai:fix/core-257-delegation-test-stray-brace
molecule-ai:revert/core-d0126662-restart-signals-undefined-h
molecule-ai:revert/core-123-plugin-drift-detector
molecule-ai:ci/pin-action-and-base-images
molecule-ai:fix/org-232-per-workspace-required-env-preflight
molecule-ai:fix/ssrf-guard-before-begintx
molecule-ai:test/issue-232-per-workspace-required-env-preflight
molecule-ai:fix/issue232-org-import-required-env-aggregation
molecule-ai:fix/canvas-ts-test-errors
molecule-ai:fix/delegations-list-ledger-fallback
molecule-ai:wip-snapshot-2026-05-10/mac/molecule-core-tmp53-git-token-helper-wip
molecule-ai:wip-snapshot-2026-05-10/mac/molecules-org-molecule-core-registry-prefix
molecule-ai:fix/pluginresolver-conflict
molecule-ai:wip-snapshot-2026-05-10/core-be/fix-pluginresolver-conflict
molecule-ai:wip-snapshot-2026-05-10/core-qa/stash-package-lock-diff
molecule-ai:feat/keyboard-shortcuts-dialog
molecule-ai:wip-snapshot-2026-05-10/core-uiux/feat-keyboard-shortcuts-dialog
molecule-ai:wip-snapshot-2026-05-10/core-fe/test-canvas-design-tokens-config
molecule-ai:test/canvas-cssvar-tests
molecule-ai:fix/internal-229-sop-tier-check-tier-low-relaxation
molecule-ai:test/canvas-utility-pure-tests
molecule-ai:test/canvas-preflight-utils-tests
molecule-ai:test/canvas-runtimeprofiles-tests
molecule-ai:test/canvas-yaml-utils-tests
molecule-ai:test/canvas-pure-function-tests
molecule-ai:fix/ci-port-publish-workspace-server-image-228
molecule-ai:fix/ssrf-validate-agent-url-212
molecule-ai:ci/sop-tier-check-approver-teams-fix
molecule-ai:fix/sop-tier-check-legacy-flip-229
molecule-ai:wip-snapshot-2026-05-10/core-be/fix-ki001-telegram-disable-channel
molecule-ai:wip-snapshot-2026-05-10/core-be/feat-a2a-pre-restart-drain-125
molecule-ai:wip-snapshot-2026-05-10/core-be/feat-plugin-drift-queue-123
molecule-ai:fix/sweeper-race-error-counter
molecule-ai:infra/fix-issue-75-gh-cli-gitea-sweep
molecule-ai:wip-snapshot-2026-05-10/core-be/fix-gh-api-gitea-sweep-75
molecule-ai:feat/keyboard-shortcuts-dialog-test
molecule-ai:wip-snapshot-2026-05-10/core-be/fix-sweeper-test-isolation-86
molecule-ai:ci/fix-issue-87-root-skip
molecule-ai:fix/test-local-resolver-root-skip
molecule-ai:fix/workspace-tests-clear-auth-cache
molecule-ai:wip-snapshot-2026-05-10/core-be/fix-a2a-delegation-success-rendered-as-error
molecule-ai:wip-snapshot-2026-05-10/core-be/fix-files-restart-volume-sync
molecule-ai:wip-snapshot-2026-05-10/core-lead/tech-debt-rename-net
molecule-ai:wip-snapshot-2026-05-10/core-lead/fix-168-mine
molecule-ai:wip-snapshot-2026-05-10/core-lead/fix-167-uiux
molecule-ai:wip-snapshot-2026-05-10/core-fe/stash-canvas-agent-comms-show-task-text
molecule-ai:fix/canvas-agent-comms-show-task-text
molecule-ai:wip-snapshot-2026-05-10/core-lead/fix-vitest-pool
molecule-ai:fix/info-disclosure-errors
molecule-ai:infra/add-temporal-to-main-compose
molecule-ai:design/verify-canvas-design-system
molecule-ai:fix/workspace-persona-git-identity
molecule-ai:fix/175-env-matched-pair-guard
molecule-ai:wip-snapshot-2026-05-10/core-lead/fix-149
molecule-ai:refactor/sop-tier-check-extract-script
molecule-ai:fix/sop-tier-check-pr-target-security
molecule-ai:ci/sop-tier-check-deploy
molecule-ai:fix/issue53-admin-token-pair-guard
molecule-ai:fix/org-import-started-event-name
molecule-ai:refactor/delete-uses-cascade-helper
molecule-ai:fix/org-import-reconcile-and-audit
molecule-ai:fix/preserve-model-secret-on-restart
molecule-ai:feat/persona-bind-mount-local-dev
molecule-ai:feat/canary-tier-filter
molecule-ai:feat/plugin-version-subscription
molecule-ai:feat/plugin-hot-reload-classifier
molecule-ai:feat/plugin-atomic-install
molecule-ai:feat/air-hot-reload-dev
molecule-ai:feat/persona-env-injection
molecule-ai:fix/external-resolver-hardening
molecule-ai:fix/issue75-class-D-gh-api-to-gitea-rest
molecule-ai:fix/cherry-3-files-vitest-postgres-e2eapi
molecule-ai:fix/promote-vitest-postgres-fixes
molecule-ai:fix/saas-plugin-install-eic
molecule-ai:fix/issue-94-e2e-api-parallel-safe-class-b
molecule-ai:migrate/issue-71-vanity-imports
molecule-ai:fix/handlers-postgres-port-collision-class-b
molecule-ai:fix/issue-96-canvas-vitest-cold-start-timeout
molecule-ai:fix/hermes-agent-doc-gitea-migration
molecule-ai:fix/196-retarget-main-to-staging-gitea-rest
molecule-ai:fix/gitea-ci-flakes-issue-88
molecule-ai:fix/pin-upload-artifact-v3-gitea
molecule-ai:fix/issue-72-auto-sync-token-canary-v2
molecule-ai:fix/issue75-class-F-gh-run-list-to-statuses
molecule-ai:fix/issue75-class-A-gh-pr-to-gitea-rest
molecule-ai:feat/issue-63-local-build-from-gitea-v2
molecule-ai:fix/195-auto-promote-staging-gitea-rest
molecule-ai:fix/144-branch-protection-check-name-parity-audit
molecule-ai:fix/harness-replays-pre-clone-manifest
molecule-ai:chore/trigger-auto-sync-verification
molecule-ai:fix/codeql-stub-on-gitea-156
molecule-ai:chore/issue173-retrigger-after-ecr-repo-create
molecule-ai:fix/issue173-inline-aws-ecr-login
molecule-ai:fix/issue173-shell-docker-push
molecule-ai:chore/retrigger-harness-replays-post-class-g
molecule-ai:fix/issue173-buildx-driver-and-cache
molecule-ai:fix/post-suspension-clone-manifest
molecule-ai:fix/issue173-followup-platform-dockerfile
molecule-ai:fix/post-suspension-github-urls
molecule-ai:fix/170-goroutine-bleed-test-isolation
molecule-ai:fix/issue173-publish-workspace-server-image
molecule-ai:fix/issue36-a2a-proxy-preflight
molecule-ai:fix/codeql-continue-on-error-156
molecule-ai:feat/demo-mock-3-bigorg-mock-runtime
molecule-ai:feat/demo-mock-1-purchase-success-modal
molecule-ai:fix/publish-path-filter-add-scripts
molecule-ai:fix/clone-manifest-gitea
molecule-ai:chore/touch-publish-workflow-to-trigger
molecule-ai:chore/retrigger-publish-post-aws-secrets
molecule-ai:chore/cherry-pick-pr23-into-main
molecule-ai:chore/backsync-main-into-staging-task-166
molecule-ai:fix/auto-sync-use-devops-token
molecule-ai:chore/retrigger-staging-on-fixed-runner-image
molecule-ai:chore/drop-github-app-auth-and-ecr-swap
molecule-ai:docs/readme-comprehensive-refresh-2026-05-06
molecule-ai:feat/rfc-2945-pr-c-2-canvas-chat-history
molecule-ai:fix/issue10-runtime-aware-plugin-install
molecule-ai:fix/s8-bind-loopback-dev
molecule-ai:fix/14-cascade-gitea-dispatch
molecule-ai:docs/molecule-core-bulk-sed
molecule-ai:chore/pin-artifact-actions-v3
molecule-ai:fix/lowercase-org-slug
molecule-ai:fix/script-ghcr-and-lint-paths
molecule-ai:docs/workspace-runtime-readme-source-edit
molecule-ai:feat/eic-tunnel-pool-core-11
molecule-ai:chore/rfc-2945-pr-c-3-delete-historyhydration
molecule-ai:fix/2872-sqlmock-regex-tightening
molecule-ai:fix/cp-orphan-sweeper-2989
molecule-ai:feat/registry-prefix-env-driven-issue-6
molecule-ai:docs/readme-refresh-2026-05-06
1 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
| 19b61729ac |
fix(security): CWE-22 path traversal guard in loadWorkspaceEnv
OFFSEC-003 / closes #330. `loadWorkspaceEnv` used `filepath.Join(orgBaseDir, filesDir, ".env")` without a resolveInsideRoot guard on filesDir — allowing malicious org YAML to read files outside the org root (e.g. filesDir: "../../../etc"). Two locations patched: 1. org_helpers.go:loadWorkspaceEnv — wrap filesDir with resolveInsideRoot before joining into the load path. On traversal rejection the org-root .env is still loaded; the traversal path is silently skipped. 2. org_import.go:createWorkspaceTree — same unguarded Join at line 494 was patched with the identical guard. resolveInsideRoot is already established in the codebase (used for template and files_dir elsewhere in org_import.go), so no new primitives are introduced. Added org_helpers_test.go covering: - Normal load of org-root + workspace .env (workspace overrides org) - Traversal paths (../../../etc etc.) are silently rejected - Non-existent workspace dir returns org-root vars only - Empty orgBaseDir returns empty map |
