Security hardening: path validation, permission hardening, dialog timeout, CI fix #1
Merged
Conversation
- validateWritePath: blocks writes to /etc, /proc, /sys, /dev, /boot, /sbin, ~/.ssh, ~/.gnupg, ~/.config/systemd
- validateReadPath: blocks reads from /proc, /sys, /dev, ~/.ssh, ~/.gnupg
- Both resolve and normalize paths to prevent traversal attacks (../)

Addresses audit finding H-3 (arbitrary file write) and H-1 (eval_file path traversal)

Co-authored-by: Aone-Agent <aone-agent@alibaba-inc.com>
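An added illustration of the write/read checks this commit describes (it is not the project's src/utils/safepath.ts): the path is expanded and normalized first, then compared against the blocked directories segment by segment. Assumptions: the home directory and working directory are passed in explicitly so the check is deterministic, and the normalizer is a lexical stand-in for Node's path.resolve that does not follow symlinks.

```typescript
// Blocked directories as listed in the commit; ~-relative entries are joined to `home`.
const WRITE_BLOCKED_SYSTEM = ["/etc", "/proc", "/sys", "/dev", "/boot", "/sbin"];
const WRITE_BLOCKED_HOME = [".ssh", ".gnupg", ".config/systemd"];
const READ_BLOCKED_SYSTEM = ["/proc", "/sys", "/dev"];
const READ_BLOCKED_HOME = [".ssh", ".gnupg"];

// Expand "~", resolve against cwd and collapse "." / ".." segments lexically.
// Assumption: a stand-in for Node's path.resolve; symlinks are not followed.
export function normalizePath(p: string, cwd: string, home: string): string {
  if (p === "~" || p.startsWith("~/")) p = home + p.slice(1);
  const abs = p.startsWith("/") ? p : `${cwd}/${p}`;
  const parts: string[] = [];
  for (const seg of abs.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") parts.pop();      // ".." above "/" stays at "/"
    else parts.push(seg);
  }
  return "/" + parts.join("/");
}

// True when target is dir itself or lies below it. Comparing whole segments
// (dir + "/") avoids treating "/etcetera" as if it were inside "/etc".
function isUnder(target: string, dir: string): boolean {
  return target === dir || target.startsWith(dir + "/");
}
export interface PathCheck { resolved: string; blockedBy: string | null }

function checkPath(p: string, cwd: string, home: string,
                   system: string[], underHome: string[]): PathCheck {
  const resolved = normalizePath(p, cwd, home);
  const blocked = [...system, ...underHome.map((d) => `${home}/${d}`)];
  const hit = blocked.find((dir) => isUnder(resolved, dir));
  return { resolved, blockedBy: hit ?? null };
}

export function checkWritePath(p: string, cwd: string, home: string): PathCheck {
  return checkPath(p, cwd, home, WRITE_BLOCKED_SYSTEM, WRITE_BLOCKED_HOME);
}
export function checkReadPath(p: string, cwd: string, home: string): PathCheck {
  return checkPath(p, cwd, home, READ_BLOCKED_SYSTEM, READ_BLOCKED_HOME);
}
// Throwing wrappers in the shape the commit describes: resolved path on success,
// an error before any file is touched otherwise.
function mustAllow(kind: string, r: PathCheck): string {
  if (r.blockedBy) throw new Error(`${kind} ${r.resolved} blocked (inside ${r.blockedBy})`);
  return r.resolved;
}
export const validateWritePath = (p: string, cwd: string, home: string) =>
  mustAllow("write to", checkWritePath(p, cwd, home));
export const validateReadPath = (p: string, cwd: string, home: string) =>
  mustAllow("read of", checkReadPath(p, cwd, home));
```

Note that the read list is deliberately narrower than the write list, so a read of /etc/hosts passes while a write under /etc does not.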
- ensureRoot: create ~/.cloak with mode 0700 (owner-only access)
- server: chmod socket file to 0600 after creation
- server: implement proper stale socket detection via connect probe before removing existing socket (was previously deleting blindly)
- server: throw DAEMON_ALREADY_RUNNING if another daemon is active

Addresses audit findings H-2 (socket auth) and M-4 (stale socket race)

Co-authored-by: Aone-Agent <aone-agent@alibaba-inc.com>
- output.ts: writeBinaryOut now validates path via validateWritePath() before writing screenshots, PDFs, and other binary outputs
- eval.ts: page.eval_file now validates path via validateReadPath() before reading and executing file contents in browser context

Addresses audit findings H-1 and H-3

Co-authored-by: Aone-Agent <aone-agent@alibaba-inc.com>
…leak
- Default 30s timeout, configurable via 'timeout' param
- On timeout: removes event listener and rejects with TIMEOUT error
- Prevents indefinite Promise hang and listener accumulation

Addresses audit finding M-3

Co-authored-by: Aone-Agent <aone-agent@alibaba-inc.com>
- Replace string-concatenated JS with Playwright's parameterized evaluate API, passing selector/multi/attr via argument channel
- Eliminates code injection pattern even though JSON.stringify was safe

Addresses audit finding M-1

Co-authored-by: Aone-Agent <aone-agent@alibaba-inc.com>
- NODE_AUTH_TOKEN was set to empty string, causing publish failures
- Now references GitHub Actions secret for proper npm authentication

Addresses audit finding M-5

Co-authored-by: Aone-Agent <aone-agent@alibaba-inc.com>
- 29 test cases covering write/read path validation
- Tests for sensitive directory blocking, path traversal prevention, home directory protection, and safe path allowlisting
- Include full security audit report (SECURITY_AUDIT_REPORT.md)

Co-authored-by: Aone-Agent <aone-agent@alibaba-inc.com>
GitHub Actions jobs don't share workspace by default. E2E job needs dist/ artifacts from npm run build, but only ran npm ci. This caused E2E tests to fail with ERR_MODULE_NOT_FOUND for dist/cli.js.
Node 22 ESM requires JSON imports to have 'with { type: "json" }'. The previous import-from-package.json pattern with moduleResolution: Bundler doesn't emit this attribute, causing BOOT_ERROR on Node 22. Switch to createRequire which is JSON-safe without attribute syntax.
dreamor added a commit that referenced this pull request on Jun 18, 2026
…eout, CI fixes

## Security hardening + CI fixes

### Security fixes
- Add SafePath path-validation module (directory traversal protection)
- Unix socket permissions 0600 + directory permissions 0700
- Enforce path validation on file reads and writes
- dialog.handle_next timeout to prevent resource leaks
- oneShotScrape parameterized evaluate to prevent injection

### CI fixes
- Add a build step to the E2E job (workspace is not shared between jobs)
- Fix Node 22 JSON import compatibility (createRequire)
- release.yml uses secrets.NPM_TOKEN

### Tests
- ✅ Type Check
- ✅ Build
- ✅ Unit Tests (Node 20/22)
- ✅ E2E Tests
- ✅ Lint
- ✅ Added SafePath unit test coverage

Closes #1
Security hardening PR

Change overview
- SafePath path-validation utility functions
- dialog.handle_next: added timeout to prevent resource leaks
- oneShotScrape: switched to parameterized evaluate to prevent injection
- secrets.NPM_TOKEN

File changes
- src/utils/safepath.ts — new SafePath validation module
- src/daemon/server.ts — socket/dir permissions + path validation
- src/daemon/methods/dialog.ts — timeout mechanism
- src/daemon/methods/eval.ts — parameterized evaluate
- src/one-shot.ts — parameterized evaluate
- src/output.ts / src/utils/paths.ts — path validation
- .github/workflows/release.yml — NPM_TOKEN
- tests/unit/safepath.test.ts — security tests
- SECURITY_AUDIT_REPORT.md — audit report

Tests

Compliance
🤖 Generated with Claude Code