Security: harden credentials (drop --password, 0700 dirs, atomic 0600 writes, redact bodies, bump cryptography)#3
Merged
Conversation
…redact bodies, bump cryptography Security hardening from the read-only credential/CLI review: - M8: remove `--password` CLI flag (leaked via ps/proc/shell history); password now comes from SC_PASSWORD env var or interactive getpass only. - M9: failed-login HTML dump now uses ~/.sc-api/discovery (or mkdtemp), never a guessable /tmp path; dir created mode 0700; state/token params scrubbed from saved HTML. - L5/L6: profiles.py + cookies.py now write credentials/cookies/meta via atomic tmp->chmod 0600->rename (no umask race); profile/base dirs 0700. - L7: raw response bodies routed through _redact_body/_scrub_sensitive before landing in exception messages. - M10: pin cryptography>=44.0.1 (CVE-2024-12797). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #2
Read-only security review fixes (local-file / CLI hardening; no remote exploit path).
Changes
--passwordCLI arg (cli.py): removed the flag (leaked viaps aux//proc/shell history). Password now sourced from theSC_PASSWORDenv var or interactivegetpassonly.auth.py::_dump_failed_extraction): no more guessable/tmpfallback — writes to the repodiscovery/dir (dev), else~/.sc-api/discovery/, elsetempfile.mkdtemp(). Dir created mode0700(chmod-enforced against umask);state/token/code/nonceparams scrubbed from saved HTML.profiles.py,cookies.py): credentials, cookies, and meta now written viatmp → chmod 0600 → os.replace(no umask race, no partial file); profile/base dirs created0700.auth.py): raw bodies routed through_redact_body/_scrub_sensitivebefore landing in exception messages.pyproject.toml): pinnedcryptography>=44.0.1(CVE-2024-12797).Verification
python3 -m py_compilepasses on all 4 edited modules.--passwordnow rejected; dump dir is0700and HTML scrubbed; credentials/meta0600, cookies0600, profile dir0700; cookie save→load roundtrip intact.🤖 Generated with Claude Code