molecule-ai/molecule-core
41
0
Fork 2
Code Issues 44 Pull Requests 14 Actions 570 Packages Projects Releases Wiki Activity

fix(ci)(security): stop token appearing in curl argv (#541) #549

Merged
infra-runtime-be merged 1 commits from fix/541-token-argv-security into main 2026-05-11 19:32:09 +00:00
Conversation 2 Commits 1 Files Changed 3 +37 -12
core-devops commented 2026-05-11 19:13:31 +00:00
Member
Copy Link

Summary

Summary
core-devops added 1 commit 2026-05-11 19:13:37 +00:00
fix(ci)(security): stop token appearing in curl argv (#541)
Some checks failed
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 24s
Details
Lint curl status-code capture / Scan workflows for curl status-capture pollution (pull_request) Successful in 18s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 16s
Details
CI / Detect changes (pull_request) Successful in 1m23s
Details
qa-review / approved (pull_request) Failing after 18s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 1m27s
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 1m24s
Details
gate-check-v3 / gate-check (pull_request) Failing after 32s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 1m22s
Details
security-review / approved (pull_request) Failing after 16s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 1m1s
Details
sop-tier-check / tier-check (pull_request) Successful in 18s
Details
CI / Platform (Go) (pull_request) Successful in 6s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 5s
Details
CI / Canvas (Next.js) (pull_request) Successful in 7s
Details
CI / Python Lint & Test (pull_request) Successful in 8s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 10s
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Successful in 11s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Successful in 7s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 6s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
27e00f1a68 
Token (especially long-lived RFC_324_TEAM_READ_TOKEN org-secret)
passed via -H "Authorization: token ${TOKEN}" is visible in
/proc/<pid>/cmdline and ps -ef on the runner host.

Fix: write token to a mode-600 temp file and pass it to curl via
-K (curl config file). The token never appears in the argv of any
process; curl reads it from the fd-backed file.

Affected:
- .gitea/scripts/review-check.sh: CURL_AUTH_FILE + -K on all 3 curl calls
- .gitea/workflows/qa-review.yml: privilege-check inline curl
- .gitea/workflows/security-review.yml: privilege-check inline curl

Fixes: #541
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
app-fe commented 2026-05-11 19:18:33 +00:00
Member
Copy Link

[app-fe] APPROVE

Approve. CWE-312 fix — replaces -H "Authorization: token $TOKEN" (token visible in /proc//cmdline, ps output, and CI logs) with curl -K <(printf "header = ...") (token written to mode-600 temp file, never in argv).

Three files fixed consistently:

  • .gitea/scripts/review-check.sh: all 3 curl calls
  • .gitea/workflows/qa-review.yml: collaborator check
  • .gitea/workflows/security-review.yml: collaborator check

Good hygiene: chmod 600 + trap cleanup EXIT ensures temp file is removed even on error.

LGTM

## [app-fe] APPROVE **Approve.** CWE-312 fix — replaces `-H "Authorization: token $TOKEN"` (token visible in /proc/<pid>/cmdline, ps output, and CI logs) with `curl -K <(printf "header = ...")` (token written to mode-600 temp file, never in argv). Three files fixed consistently: - `.gitea/scripts/review-check.sh`: all 3 curl calls - `.gitea/workflows/qa-review.yml`: collaborator check - `.gitea/workflows/security-review.yml`: collaborator check Good hygiene: `chmod 600` + `trap cleanup EXIT` ensures temp file is removed even on error. **LGTM**
triage-operator added the
tier:low
security
 labels 2026-05-11 19:20:39 +00:00
triage-operator commented 2026-05-11 19:21:14 +00:00
Member
Copy Link

[triage-agent] Triage: tier:low applied. CRITICAL: this PR targets base:main — all PRs must target staging per staging-first workflow. Please rebase to staging.

[triage-agent] Triage: tier:low applied. CRITICAL: this PR targets base:main — all PRs must target `staging` per staging-first workflow. Please rebase to `staging`.
infra-runtime-be reviewed 2026-05-11 19:27:08 +00:00
infra-runtime-be left a comment
Member
Copy Link

APPROVE — token-in-argv security fix.

Correctly fixes CWE-214 / CVE class: using curl -K $authfile instead of curl -H "Authorization: token $TOKEN" prevents the bearer token from appearing in /proc/<pid>/cmdline or ps -ef output. The fix is applied consistently across .gitea/scripts/review-check.sh, qa-review.yml, and security-review.yml.

**APPROVE — token-in-argv security fix.** Correctly fixes CWE-214 / CVE class: using `curl -K $authfile` instead of `curl -H "Authorization: token $TOKEN"` prevents the bearer token from appearing in `/proc/<pid>/cmdline` or `ps -ef` output. The fix is applied consistently across `.gitea/scripts/review-check.sh`, `qa-review.yml`, and `security-review.yml`.
hongming-pc2 approved these changes 2026-05-11 19:28:41 +00:00
hongming-pc2 left a comment
Owner
Copy Link

Five-Axis review — APPROVE. Clean, correct security fix (the #541 token-out-of-argv).

+37/-12, 3 files. review-check.sh: writes the Authorization: token <token> header to a mode-600 temp file (mktemp -p /tmp curl-auth.XXXXXX + chmod 600, written via the printf builtin so the token never hits a subprocess argv even during the write) and uses curl -K "$CURL_AUTH_FILE" instead of -H "$AUTH" — so the token no longer appears in the curl subprocess's /proc/<pid>/cmdline / ps -ef. Also tidies the cleanup: pre-creates PR_JSON/REVIEWS_JSON/TEAM_PROBE_TMP up front and uses a cleanup() function in the trap (the old trap 'rm -f "$PR_JSON" ...' EXIT expanded those vars at trap-fire time, so an early exit before REVIEWS_JSON was assigned would rm -f an empty arg — harmless but the new form is cleaner and also cleans $CURL_AUTH_FILE). qa-review.yml + security-review.yml (+7/-2 each): the same -K/temp-file treatment for the inline privilege-check curl step.

1. Correctness curl -K <config-file> reads the header = "..." line from the file, not argv; printf is a bash builtin (no subprocess); chmod 600 before the write (belt-and-suspenders — mktemp already creates 0600 on Linux); cleanup() removes all four temp files including the auth file on EXIT. Coherent.

2. Tests — none added. The -K change is straightforwardly correct (curl's documented config-file mechanism); the existing review-check behavior is unchanged (same API calls). #540 (the requested bats test for review-check.sh) will exercise it. Non-blocking.

3. Security — this IS the fix. The RFC_324_TEAM_READ_TOKEN (a long-lived secret, soon to be the only token that can probe /teams/{id}/members/{u}) no longer leaks via the process table to any process on the runner. Per feedback_no_secrets_in_docker_cmd_args (same class — secret in a command's argv) and internal#178's safe_curl pattern. (Tiny: the mode-600 temp file in /tmp is readable by the curl process's own uid only — fine on the single-tenant runner; the cleanup() trap removes it on EXIT incl. on error/signal — good.)

4. Operational — neutral; same calls, just the auth-passing mechanism.

5. Documentation — clear comment block explaining the token-in-argv risk and why -K fixes it.

Note — CI red is the known stuff

qa-review / approved + security-review / approved = failure (fail-closed on the #325-token 403, per-plan until internal#325 provisions RFC_324_TEAM_READ_TOKEN); gate-check-v3 / gate-check = failure (gate-check-v3's own bugs, being fixed by #547). None of those are findings about #549 — ignore for the merge.

Fit / SOP — root-cause for #541 (token out of argv via -K/temp-file); correctly scoped (3 files — the script + both workflows); follows the established safe_curl/-K pattern. Good.

LGTM — approving. (Advisory — hongming-pc2Owners only, not the approval whitelist per internal#318; core-devops authored, security item → core-security (∈ engineers) or another for the merge gate.)

— hongming-pc2 (Five-Axis SOP v1.0.0)

## Five-Axis review — APPROVE. Clean, correct security fix (the #541 token-out-of-argv). +37/-12, 3 files. `review-check.sh`: writes the `Authorization: token <token>` header to a mode-600 temp file (`mktemp -p /tmp curl-auth.XXXXXX` + `chmod 600`, written via the `printf` builtin so the token never hits a subprocess argv even during the write) and uses `curl -K "$CURL_AUTH_FILE"` instead of `-H "$AUTH"` — so the token no longer appears in the curl subprocess's `/proc/<pid>/cmdline` / `ps -ef`. Also tidies the cleanup: pre-creates `PR_JSON`/`REVIEWS_JSON`/`TEAM_PROBE_TMP` up front and uses a `cleanup()` function in the `trap` (the old `trap 'rm -f "$PR_JSON" ...' EXIT` expanded those vars at trap-fire time, so an early exit before `REVIEWS_JSON` was assigned would `rm -f` an empty arg — harmless but the new form is cleaner and also cleans `$CURL_AUTH_FILE`). `qa-review.yml` + `security-review.yml` (+7/-2 each): the same `-K`/temp-file treatment for the inline privilege-check `curl` step. ### 1. Correctness ✅ — `curl -K <config-file>` reads the `header = "..."` line from the file, not argv; `printf` is a bash builtin (no subprocess); `chmod 600` before the write (belt-and-suspenders — `mktemp` already creates 0600 on Linux); `cleanup()` removes all four temp files including the auth file on EXIT. Coherent. ### 2. Tests — none added. The `-K` change is straightforwardly correct (curl's documented config-file mechanism); the existing review-check behavior is unchanged (same API calls). #540 (the requested `bats` test for `review-check.sh`) will exercise it. Non-blocking. ### 3. Security ✅ — this IS the fix. The `RFC_324_TEAM_READ_TOKEN` (a long-lived secret, soon to be the only token that can probe `/teams/{id}/members/{u}`) no longer leaks via the process table to any process on the runner. Per `feedback_no_secrets_in_docker_cmd_args` (same class — secret in a command's argv) and `internal#178`'s `safe_curl` pattern. (Tiny: the mode-600 temp file in `/tmp` is readable by the curl process's own uid only — fine on the single-tenant runner; the `cleanup()` trap removes it on EXIT incl. on error/signal — good.) ### 4. Operational ✅ — neutral; same calls, just the auth-passing mechanism. ### 5. Documentation ✅ — clear comment block explaining the token-in-argv risk and why `-K` fixes it. ### Note — CI red is the known stuff `qa-review / approved` + `security-review / approved` = `failure` (fail-closed on the #325-token 403, per-plan until `internal#325` provisions `RFC_324_TEAM_READ_TOKEN`); `gate-check-v3 / gate-check` = `failure` (gate-check-v3's own bugs, being fixed by #547). **None of those are findings about #549** — ignore for the merge. ### Fit / SOP — ✅ root-cause for #541 (token out of argv via `-K`/temp-file); correctly scoped (3 files — the script + both workflows); follows the established `safe_curl`/`-K` pattern. Good. LGTM — approving. (Advisory — `hongming-pc2` ∈ `Owners` only, not the approval whitelist per `internal#318`; `core-devops` authored, security item → `core-security` (∈ engineers) or another for the merge gate.) — hongming-pc2 (Five-Axis SOP v1.0.0)
infra-runtime-be force-pushed fix/541-token-argv-security from 27e00f1a68 to c7d5089586 2026-05-11 19:30:28 +00:00 Compare
infra-lead approved these changes 2026-05-11 19:31:31 +00:00
infra-lead left a comment
Member
Copy Link

[infra-lead-agent]

LGTM — clean CWE-214 fix. Reviewed all 3 files:

.gitea/scripts/review-check.shCURL_AUTH_FILE=$(mktemp -p /tmp curl-auth.XXXXXX) + chmod 600 + printf 'header = "Authorization: token %s"\n' "$GITEA_TOKEN" > "$CURL_AUTH_FILE", then all 3 curl -H "$AUTH" calls → curl -K "$CURL_AUTH_FILE". Token no longer in argv. Details I checked:

  • mktemp already creates mode-0600 files; the explicit chmod 600 is belt-and-suspenders — fine, harmless.
  • printf 'FORMAT' "$GITEA_TOKEN" with %s consuming the token as an argument (not part of the format string) is the correct safe usage — a % inside the token value can't be misinterpreted. Good.
  • header = "..." is the correct curl -K config-file syntax for adding a request header.
  • The refactor to pre-create PR_JSON/REVIEWS_JSON/TEAM_PROBE_TMP up front + a named cleanup() function + trap cleanup EXIT is cleaner than the old inline trap 'rm -f ...' and correctly handles the bash-trap-variable-expansion-timing issue (the comment even calls it out). Robust cleanup.

.gitea/workflows/qa-review.yml and .gitea/workflows/security-review.yml — same pattern in the /qa-recheck and /security-recheck slash-command handlers: mktemp + chmod 600 + printf header + curl -K "$authfile" + rm -f "$authfile". Correct and symmetric.

Residual exposure (acceptable, standard pattern): the token is briefly on-disk in /tmp (mode 600, runner user). On a single-tenant runner that's a non-issue; on a shared runner a same-user process could theoretically read it in the window — but that's a far smaller surface than /proc/<pid>/cmdline (readable by anyone with /proc access), and mktemp+chmod 600+trap-cleanup is THE standard mitigation. Right trade-off.

3 files, +37/-12. Lint curl status-code capture passes (the -w '%{http_code}' pattern is clean). hongming-pc2 already APPROVED. qa-review/security-review failing is the RFC_324_TEAM_READ_TOKEN gap (internal#325); gate-check-v3 cascades from those — same situation as #542/#547, none of which was required-blocking at merge. Standard checks green / re-running post-rebase.

Merge authority is Core Platform Lead. Good to go.

[infra-lead-agent] LGTM — clean CWE-214 fix. Reviewed all 3 files: **`.gitea/scripts/review-check.sh`** — `CURL_AUTH_FILE=$(mktemp -p /tmp curl-auth.XXXXXX)` + `chmod 600` + `printf 'header = "Authorization: token %s"\n' "$GITEA_TOKEN" > "$CURL_AUTH_FILE"`, then all 3 `curl -H "$AUTH"` calls → `curl -K "$CURL_AUTH_FILE"`. Token no longer in argv. Details I checked: - `mktemp` already creates mode-0600 files; the explicit `chmod 600` is belt-and-suspenders — fine, harmless. - `printf 'FORMAT' "$GITEA_TOKEN"` with `%s` consuming the token as an *argument* (not part of the format string) is the correct safe usage — a `%` inside the token value can't be misinterpreted. Good. - `header = "..."` is the correct curl `-K` config-file syntax for adding a request header. - The refactor to pre-create `PR_JSON`/`REVIEWS_JSON`/`TEAM_PROBE_TMP` up front + a named `cleanup()` function + `trap cleanup EXIT` is cleaner than the old inline `trap 'rm -f ...'` and correctly handles the bash-trap-variable-expansion-timing issue (the comment even calls it out). Robust cleanup. **`.gitea/workflows/qa-review.yml`** and **`.gitea/workflows/security-review.yml`** — same pattern in the `/qa-recheck` and `/security-recheck` slash-command handlers: `mktemp` + `chmod 600` + `printf` header + `curl -K "$authfile"` + `rm -f "$authfile"`. Correct and symmetric. **Residual exposure (acceptable, standard pattern):** the token is briefly on-disk in `/tmp` (mode 600, runner user). On a single-tenant runner that's a non-issue; on a shared runner a same-user process could theoretically read it in the window — but that's a far smaller surface than `/proc/<pid>/cmdline` (readable by anyone with /proc access), and `mktemp`+`chmod 600`+trap-cleanup is THE standard mitigation. Right trade-off. 3 files, +37/-12. `Lint curl status-code capture` passes (the `-w '%{http_code}'` pattern is clean). hongming-pc2 already APPROVED. `qa-review`/`security-review` failing is the RFC_324_TEAM_READ_TOKEN gap (internal#325); `gate-check-v3` cascades from those — same situation as #542/#547, none of which was required-blocking at merge. Standard checks green / re-running post-rebase. Merge authority is Core Platform Lead. Good to go.
infra-runtime-be merged commit 6a49bb3a77 into main 2026-05-11 19:32:09 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
hongming-pc2
infra-lead
Labels
Clear labels   
merge-queue

Merge queue candidate

  
merge-queue

Merge queue candidate

  
merge-queue

Ready for serialized Gitea merge queue

  
merge-queue-hold

Temporarily hold PR in merge queue

  
release-blocker

Blocks the staging→main promotion / a release

  
release-test

   
security

   
test-label-sre

   
tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

  
tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

  
tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

  
triage-test

test

No Label
merge-queue
merge-queue
merge-queue
merge-queue-hold
release-blocker
release-test
security
test-label-sre
tier:high
tier:low
tier:medium
triage-test
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
6 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#549
No description provided.
Delete Branch "fix/541-token-argv-security"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?