Peter Steinberger
f97c45c5b5
fix(security): warn on Discord name-based allowlists in audit
2026-02-21 19:45:17 +01:00
Peter Steinberger
f48698a50b
fix(security): harden sandbox browser network defaults
2026-02-21 14:02:53 +01:00
Peter Steinberger
8c1518f0f3
fix(sandbox): use one-time noVNC observer tokens
2026-02-21 13:56:58 +01:00
Peter Steinberger
1835dec200
fix(security): force sandbox browser hash migration and audit stale labels
2026-02-21 13:25:41 +01:00
Peter Steinberger
14b0d2b816
refactor: harden control-ui auth flow and add insecure-flag audit summary
2026-02-21 13:18:23 +01:00
Peter Steinberger
99048dbec2
fix(gateway): align insecure-auth toggle messaging
2026-02-21 12:57:22 +01:00
Vincent Koc
c2f5628915
Fix formatting (#22474)
2026-02-21 01:37:02 -05:00
C.J. Winslow
58f7b7638a
Security: add per-wrapper IDs to untrusted-content markers (#19009)
Fixes #10927
Adds unique per-wrapper IDs to external-content boundary markers to
prevent spoofing attacks where malicious content could inject fake
marker boundaries.
- Generate random 16-char hex ID per wrap operation
- Start/end markers share the same ID for pairing
- Sanitizer strips markers with or without IDs (handles legacy + spoofed)
- Added test for attacker-injected markers with fake IDs
Co-authored-by: Vincent Koc <vincentkoc@ieee.org>
2026-02-21 01:16:02 -05:00
Coy Geek
40a292619e
fix: Control UI Insecure Auth Bypass Allows Token-Only Auth Over HTTP (#20684)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: ad9be4b4d65698785ad7ea9ad650f54d16c89c4a
Co-authored-by: coygeek <65363919+coygeek@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
2026-02-20 17:34:34 +00:00
Peter Steinberger
f76f98b268
chore: fix formatting drift and stabilize cron tool mocks
2026-02-19 15:41:38 +01:00
Peter Steinberger
81b19aaa1a
fix(security): enforce plugin and hook path containment
2026-02-19 15:37:29 +01:00
Peter Steinberger
b40821b068
fix: harden ACP secret handling and exec preflight boundaries
2026-02-19 15:34:20 +01:00
Peter Steinberger
5dc50b8a3f
fix(security): harden npm plugin and hook install integrity flow
2026-02-19 15:11:25 +01:00
Peter Steinberger
268b0dc921
style: fix formatting drift in security allowlist checks
2026-02-19 13:31:01 +00:00
Peter Steinberger
e3e0ffd801
feat(security): audit gateway HTTP no-auth exposure
2026-02-19 14:25:56 +01:00
Peter Steinberger
ec232a9e2d
refactor(security): harden temp-path handling for inbound media
2026-02-19 14:06:37 +01:00
habakan
825cc70796
test: dedupe gateway auth and sessions patch coverage (#20087)
2026-02-19 03:35:58 -08:00
David Rudduck
f1e1ad73ad
fix(security): SHA-256 hash before timingSafeEqual to prevent length leak (#20856)
The previous implementation returned early when buffer lengths differed,
leaking the expected secret's length via timing side-channel. Hashing both
inputs with SHA-256 before comparison ensures fixed-length buffers and
constant-time comparison regardless of input lengths.
2026-02-19 03:16:35 -08:00
Jay Caldwell
9edec67a18
fix(security): block plaintext WebSocket connections to non-loopback addresses (#20803)
* fix(security): block plaintext WebSocket connections to non-loopback addresses
Addresses CWE-319 (Cleartext Transmission of Sensitive Information).
Previously, ws:// connections to remote hosts were allowed, exposing
both credentials and chat data to network interception. This change
blocks ALL plaintext ws:// connections to non-loopback addresses,
regardless of whether explicit credentials are configured (device
tokens may be loaded dynamically).
Security policy:
- wss:// allowed to any host
- ws:// allowed only to loopback (127.x.x.x, localhost, ::1)
- ws:// to LAN/tailnet/remote hosts now requires TLS
Changes:
- Add isSecureWebSocketUrl() validation in net.ts
- Block insecure connections in GatewayClient.start()
- Block insecure URLs in buildGatewayConnectionDetails()
- Handle malformed URLs gracefully without crashing
- Update tests to use wss:// for non-loopback URLs
Fixes #12519
* fix(test): update gateway-chat mock to preserve net.js exports
Use importOriginal to spread actual module exports and mock only
the functions needed for testing. This ensures isSecureWebSocketUrl
and other exports remain available to the code under test.
2026-02-19 03:13:08 -08:00
Coy Geek
f7a7a28c56
fix: enforce hooks token separation from gateway auth (#20813)
* fix(an-03): apply security fix
Generated by staged fix workflow.
* fix(an-03): apply security fix
Generated by staged fix workflow.
* fix(an-03): remove stale test-link artifact from patch
Remove accidental a2ui test-link artifact from the tracked diff and keep startup auth enforcement centralized in startup-auth.ts.
2026-02-19 02:48:08 -08:00
Peter Steinberger
d6768098a1
refactor(security): share installed plugin directory scan helper
2026-02-19 00:29:07 +00:00
Peter Steinberger
c8bdefd8b4
refactor(security): reuse shared scan path containment helper
2026-02-19 00:20:15 +00:00
Peter Steinberger
5c5c032f42
refactor(security): share DM allowlist state resolver
2026-02-18 23:58:11 +00:00
Peter Steinberger
89a0b95af4
refactor(security): reuse shared allowlist normalization
2026-02-18 23:48:32 +00:00
the sun gif man
114736ed1a
Doctor/Security: fix telegram numeric ID + symlink config permission warnings (#19844)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: e42bf1e48de947571007df1d65f25d157a399a84
Co-authored-by: joshp123 <1497361+joshp123@users.noreply.github.com>
Co-authored-by: joshp123 <1497361+joshp123@users.noreply.github.com>
Reviewed-by: @joshp123
2026-02-18 00:09:51 -08:00
Peter Steinberger
b8b43175c5
style: align formatting with oxfmt 0.33
2026-02-18 01:34:35 +00:00
Peter Steinberger
31f9be126c
style: run oxfmt and fix gate failures
2026-02-18 01:29:02 +00:00
cpojer
2a4ca7671e
chore: Fix types in tests 35/N.
2026-02-17 15:50:07 +09:00
cpojer
d0cb8c19b2
chore: wtf.
2026-02-17 13:36:48 +09:00
Sebastian
ed11e93cf2
chore(format)
2026-02-16 23:20:16 -05:00
cpojer
90ef2d6bdf
chore: Update formatting.
2026-02-17 09:18:40 +09:00
Peter Steinberger
df6d0ee92b
refactor(core): dedupe tool policy and IPv4 matcher logic
2026-02-16 16:14:54 +00:00
Peter Steinberger
04892ee230
refactor(core): dedupe shared config and runtime helpers
2026-02-16 14:59:30 +00:00
brandonwise
095d522099
fix(security): create session transcript files with 0o600 permissions (#18066)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 962f497d242c5affa9b610f38f3dc7844426198d
Co-authored-by: brandonwise <21148772+brandonwise@users.noreply.github.com>
Co-authored-by: sebslight <19554889+sebslight@users.noreply.github.com>
Reviewed-by: @sebslight
2026-02-16 08:33:40 -05:00
Peter Steinberger
a7cbce1b3d
refactor(security): tighten sandbox bind validation
2026-02-16 03:19:50 +01:00
Peter Steinberger
887b209db4
fix(security): harden sandbox docker config validation
2026-02-16 03:04:06 +01:00
Peter Steinberger
6288c51774
perf(test): fold secret equality assertions into audit extra suite
2026-02-16 00:18:27 +00:00
Peter Steinberger
92f8c0fac3
perf(test): speed up suites and reduce fs churn
2026-02-15 19:29:27 +00:00
Peter Steinberger
7773c5410b
refactor(telegram): share allowFrom normalization
2026-02-15 18:17:05 +00:00
Peter Steinberger
42b0d6f43e
refactor(agents): share workspace dir enumeration
2026-02-15 13:59:46 +00:00
Peter Steinberger
d7079b5578
refactor(security): share sandbox tool policy picker
2026-02-15 13:10:07 +00:00
Peter Steinberger
6c7a7d910a
refactor(gateway): dedupe probe auth resolution
2026-02-15 06:40:04 +00:00
Peter Steinberger
bbe3b2b55d
refactor(models): share param-B inference
2026-02-15 05:12:49 +00:00
Peter Steinberger
b373461032
refactor(security): share scan path helpers
2026-02-15 04:29:18 +00:00
Peter Steinberger
cf04208cb9
fix(allowlist): canonicalize Slack/Discord allowFrom
2026-02-15 03:46:16 +01:00
Peter Steinberger
b3882eccef
refactor(config): share include scan helper
2026-02-14 15:39:45 +00:00
Peter Steinberger
e3b432e481
fix(telegram): require sender ids for allowlist auth
2026-02-14 16:09:00 +01:00
Peter Steinberger
233483d2b9
refactor(security): centralize dangerous tool lists
2026-02-14 13:27:05 +01:00
Peter Steinberger
539689a2f2
feat(security): warn when gateway.tools.allow re-enables dangerous HTTP tools
2026-02-14 12:48:02 +01:00
Nick Taylor
1fb52b4d7b
feat(gateway): add trusted-proxy auth mode (#15940)
Merged via /review-pr -> /prepare-pr -> /merge-pr.
Prepared head SHA: 279d4b304f83186fda44dfe63a729406a835dafa
Co-authored-by: nickytonline <833231+nickytonline@users.noreply.github.com>
Co-authored-by: steipete <58493+steipete@users.noreply.github.com>
Reviewed-by: @steipete
2026-02-14 12:32:17 +01:00