Molecule AI Core-BE
706df19b43
Two vulnerable call sites confirmed on origin/main: 1. org_helpers.go:loadWorkspaceEnv (line 101): filesDir from untrusted org YAML joined directly with orgBaseDir without traversal guard. A malicious filesDir like "../../../etc" escapes the org root and reads arbitrary files. 2. org_import.go:createWorkspaceTree (line 494): same pattern directly in the env-loading block — not covered by staging-targeted PR #345. Fix (both locations): call resolveInsideRoot(orgBaseDir, filesDir) before filepath.Join. On traversal detection, org_helpers.go returns an empty map (caller contract); org_import.go silently skips the workspace .env override (matches existing template-resolution pattern in the same function). Tests: org_helpers_test.go — 3 cases covering traversal rejection, workspace-override happy path, and empty filesDir edge case. Closes: molecule-core#362, molecule-core#321 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| cmd | ||
| internal | ||
| migrations | ||
| pkg/provisionhook | ||
| .air.toml | ||
| .ci-force | ||
| .gitignore | ||
| .golangci.yaml | ||
| Dockerfile | ||
| Dockerfile.dev | ||
| Dockerfile.tenant | ||
| entrypoint-tenant.sh | ||
| go.mod | ||
| go.sum | ||