No-CVE advisories — confirmed fixes, zero tracking

--- a/lib/openvpn-auth-oauth2/openvpn/handle.go +++ b/lib/openvpn-auth-oauth2/openvpn/handle.go @@ -144,7 +144,7 @@ func (p *PluginHandle) handleAuthUserPassVerify(clientEnvList **c.Char, perClien slog.Any("err", err), ) - return c.OpenVPNPluginFuncSuccess + return c.OpenVPNPluginFuncError case management.ClientAuthPending: pendingRespCh, err := p.managementClient.RegisterPendingPoller(currentClientID)

- //_log_message("onMessage:msgObj: " . json_encode($json)); + //_log_message("onMessage:msgObj: " . json_encode($json)); + // Strip eval-able fields from browser/guest messages. + if (empty($msgObj->isCommandLineInterface) && ($msgObj->sentFrom ?? '') !== 'php') { + if (is_array($json['msg'] ?? null)) { + unset($json['msg']['autoEvalCodeOnHTML']); + } + if (isset($json['callback']) && !preg_match('/^[a-zA-Z_][a-zA-Z0-9_]*$/', (string)$json['callback'])) { + unset($json['callback']); + } + } if (!empty($msgObj->send_to_uri_pattern)) { $this->msgToSelfURI($json, $msgObj->send_to_uri_pattern); } else if (!empty($json['resourceId'])) {

--- a/server/asset_upload_handler.go +++ b/server/asset_upload_handler.go @@ -67,6 +67,13 @@ func AssetUploadHandler(cruds map[string]*resource.DbResource) func(c *gin.Conte c.AbortWithError(400, errors.New("filename query parameter is required")) return } + // Strip path traversal from filename + if fileName != "" { + fileName = filepath.Clean(fileName) + for strings.HasPrefix(fileName, "..") { + fileName = strings.TrimPrefix(strings.TrimPrefix(fileName, ".."), string(filepath.Separator)) + } + } // Validate table and column dbResource, ok := cruds[typeName] if !ok || dbResource == nil {

Before: cmd = parts[0] After: basename = os.path.basename(cmd) if basename not in ALLOWED_MCP_COMMANDS: raise ValueError(...)

--- a/uefi_firmware/compression/Tiano/Decompress.c +++ b/uefi_firmware/compression/Tiano/Decompress.c @@ -208,14 +188,16 @@ Routine Description: } for (Index = 0; Index < NumOfChar; Index++) { + if (BitLen[Index] > 16) { + return (UINT16) BAD_TABLE; + } Count[BitLen[Index]]++; } @@ -245,18 +227,20 @@ Routine Description: if (Len <= TableBits) { + if (Start[Len] >= NextCode || NextCode > MaxTableLength) { + return (UINT16) BAD_TABLE; + } + for (Index = Start[Len]; Index < NextCode; Index++) { - if(Index >= TableSize) - { - Sd->mBadAlgorithm = 1; - return (UINT16) BAD_TABLE; - } Table[Index] = Char; } +

--- a/uefi_firmware/compression/Tiano/Decompress.c +++ b/uefi_firmware/compression/Tiano/Decompress.c @@ -208,14 +188,16 @@ Routine Description: } for (Index = 0; Index < NumOfChar; Index++) { + if (BitLen[Index] > 16) { + return (UINT16) BAD_TABLE; + } Count[BitLen[Index]]++; } // ... (lines omitted for brevity) if (Len <= TableBits) { + if (Start[Len] >= NextCode || NextCode > MaxTableLength) { + return (UINT16) BAD_TABLE; + } + for (Index = Start[Len]; Index < NextCode; Index++) { - if(Index >= TableSize) - { - Sd->mBadAlgorithm = 1; - return (UINT16) BAD_TABLE; - } Table[Index] = Char; } + } else {

Before: query += "WHERE T0.PACKET_TIMESECONDS < '#{start_time}' LIMIT -1" result = @@conn.exec(query) After: query += "WHERE T0.PACKET_TIMESECONDS < $1 LIMIT -1" query_params << start_time result = @@conn.exec_params(query, query_params)

--- a/primitives/block/src/multisig.rs +++ b/primitives/block/src/multisig.rs @@ -37,3 +37,14 @@ impl MultiSignature { } } } + +pub(crate) fn checked_signer_slots(signers: &BitSet) -> Option<Vec<u16>> { + let mut slots = Vec::with_capacity(signers.len()); + for slot in signers.iter() { + if slot >= Policy::SLOTS as usize || slot > u16::MAX as usize { + return None; + } + slots.push(slot

Before: profile.EmailVerified After: profile.EmailVerified.IsVerified()

Before: - return true; After: + return false;

--- a/backend/services/real_compiler_service.py +++ b/backend/services/real_compiler_service.py @@ -36,6 +36,68 @@ 'cpu_limit': '1.0' } } - - # Start execution worker + self.blocked_python_modules = { + "os", + "socket", + "subprocess", + "pty", + "multiprocessing", + "ctypes", + "resource", + "pwd", + "grp", + "signal", + "fcntl", + "selectors", + "pathlib", + "shutil", + } + self.blocked_python_calls = { + "eval", + "exec", + "compile", + "__import__", + "open", + "input", + "globals", + "locals", + "vars", + "getattr", + "setattr", + "delattr", + } + self.blocked_python_attrs = { + "fork", + "forkpty", + "spawn", + "spawnl", + "spawnlp", + "spawnv", + "spawnvp", + "system", + "popen", + "execl", + "execle", + "execlp", + "execv", + "execve", + "execvp", + "setsid", + "dup2", + } + self.blocked_patterns = { + "javascript": [ + r"require\s*\(\s*['\"]child_process['\"]\s*\)", + r"require\s*\(\s*['\"]net['\"]\s*\)", + r"require\s*\(\s*['\"]dgram['\"]\s*\)", + r"process\.env", + r"process\.binding", + r"fs\.readFile|fs\.writeFile

- data := session.Profile() - if err := utils.HttpJsonRequest(w, r, &data); err != nil { - return err + profile := session.Profile() + if !profile.IsAdmin { + // Name is the only updatable field in the profile for non-admins + var payload types.MemberProfile + if err := utils.HttpJsonRequest(w, r, &payload); err != nil { + return err + } + profile.Name = payload.Name + } else { + if err := utils.HttpJsonRequest(w, r, &profile); err != nil { + return err + } } - err := api.sessions.Update(session.ID(), data) + err := api.sessions.Update(session.ID(), profile)

--- a/src/pyload/webui/app/blueprints/json_blueprint.py +++ b/src/pyload/webui/app/blueprints/json_blueprint.py @@ -9,7 +9,7 @@ from pyload.core.api import Role from pyload.core.utils import format, fs -from ..helpers import get_permission, login_required, permlist, render_template, set_permission +from ..helpers import clear_all_user_sessions, get_permission, login_required, permlist, render_template, set_permission bp = flask.Blueprint("json", __name__) @@ -360,6 +360,7 @@ def change_password(user_login, user_curpw, user_newpw): if not done: return jsonify(False), 403 #: Wrong password + clear_all_user_sessions(user_login) return jsonify(True)

Before: if (!Array.isArray(array)) { throw new Error('Array expected') } After: if (!Array.isArray(index)) { throw new Error('Array expected for index') }

--- a/lib/index.js +++ b/lib/index.js @@ -69,7 +69,7 @@ export function handle (i18next, options = {}) { } if (lng && options.getHeader(res, 'Content-Language') !== lng) { - options.setHeader(res, 'Content-Language', utils.escape(lng)) + options.setHeader(res, 'Content-Language', utils.sanitizeHeaderValue(lng)) } req.languages = i18next.services.languageUtils.toResolveHierarchy(lng)

--- a/src/tools/BashTool/bashPermissions.ts +++ b/src/tools/BashTool/bashPermissions.ts @@ -1814,7 +1814,10 @@ export async function bashToolHasPermission( input, appState.toolPermissionContext, ) - if (sandboxAutoAllowResult.behavior !== 'passthrough') { + if ( + sandboxAutoAllowResult.behavior === 'deny' || + sandboxAutoAllowResult.behavior === 'ask' + ) { return sandboxAutoAllowResult } }

--- a/objects/configurationUpdate.json.php +++ b/objects/configurationUpdate.json.php @@ -15,6 +15,8 @@ require_once $global['systemRootPath'] . 'objects/configuration.php'; require_once $global['systemRootPath'] . 'objects/functions.php'; +forbidIfIsUntrustedRequest('configurationUpdate'); + _error_log("save configuration {$_POST['language']}");

Before: - // Reject CRLF injection attempts - if (/[ \]/.test(path)) { - throw new Error("Invalid path: Contains control characters"); - } After: + // Reject control character injection attempts. + if (/[ \u0000]/.test(command)) { + throw new Error(`Invalid command: Contains control characters. (${command})`); + }

Before: - next(); After: + const authLimiter = rateLimit({ ... }); + app.use(authLimiter); + // Root endpoint with API information + app.get('/', (req, res) => { ... };

- def self.verify_no_service(token, no_password: true) + def self.verify_no_service(token, mode: :token) ... - unless no_password - return true if @@pw_hash_cache and (time - @@pw_hash_cache_time) < PW_HASH_CACHE_TIMEOUT and Argon2::Password.verify_password(token, @@pw_hash_cache) + unless mode == :password + return true if @@session_cache and (time - @@session_cache_time) < SESSION_CACHE_TIMEOUT and @@session_cache[token]

- if (!empty($requestOrigin)) { - header('Access-Control-Allow-Origin: ' . $requestOrigin); - header('Access-Control-Allow-Credentials: true'); - } else { - header('Access-Control-Allow-Origin: *'); + if (!empty($requestOrigin) && !empty($siteOriginForAllowAll) && $requestOrigin === $siteOriginForAllowAll) { + header('Access-Control-Allow-Origin: ' . $requestOrigin); + header('Access-Control-Allow-Credentials: true'); + } else { + header('Access-Control-Allow-Origin: *');

--- a/packages/plugins/@nocobase/plugin-field-sort/src/server/sort-field.ts +++ b/packages/plugins/@nocobase/plugin-field-sort/src/server/sort-field.ts @@ -120,21 +120,29 @@ export class SortField extends Field { const sortColumnName = queryInterface.quoteIdentifier(this.collection.model.rawAttributes[this.name].field); let sql: string; + let bind: any[] | undefined; const whereClause = scopeKey && scopeValue ? (() => { const filteredScopeValue = scopeValue.filter((v) => v !== null); - if (filteredScopeValue.length === 0) { - return ''; + const clauses: string[] = []; + + if (filteredScopeValue.length > 0) { + bind = filteredScopeValue; + const placeholders = filteredScopeValue.map((_, index) => `$${index + 1}`).join(', '); + clauses.push(`${queryInterface.quoteIdentifier(scopeKey)} IN (${placeholders})`); } - const initialClause = ` - WHERE ${queryInterface.quoteIdentifier(scopeKey)} IN (${filteredScopeValue.map((v) => `'${v}'`).join(', ')})`; + + if (scopeValue.includes(null)) { + clauses.push(`${queryInterface.quoteIdentifier(scopeKey)} IS NULL`); + } + + if (clauses.length === 0) { + return ''; + } + return ` + WHERE ${clauses.join(' OR ')}`; })() : ''; @@ -180,6 +188,7 @@ export class SortField extends Field { `; } await this.collection.db.sequelize.query(sql, { + bind, transaction, }); };

--- a/primitives/block/src/macro_block.rs +++ b/primitives/block/src/macro_block.rs @@ -244,6 +244,12 @@ impl MacroHeader { if self.is_election() != self.validators.is_some() { return Err(BlockError::InvalidValidators); } + // Validate that all BLS voting keys can be decompressed and structural invariants hold. + if let Some(ref validators) = self.validators { + validators + .validate_keys() + .map_err(|_| BlockError::InvalidValidators)?; + } Ok(()) }

--- a/src/api/postMessage.js +++ b/src/api/postMessage.js @@ -146,8 +146,24 @@ export const api = { } } +// Compute the expected origin once at module load. +const getExpectedIframeOrigin = () => { + try { + return new URL(getIframeUrl()).origin + } catch (err) { + return null + } +} + if (typeof window !== 'undefined') { window.addEventListener('message', e => { + const expectedOrigin = getExpectedIframeOrigin() + if (!expectedOrigin || e.origin !== expectedOrigin) return + const { sender, /* senderAPIVersion, */ action, message, payload } = e.data // console.warn(sender, action, message, payload) ``` ```diff --- a/src/api/handleEditKey.js +++ b/src/api/handleEditKey.js @@ -16,6 +74,9 @@ export function setValueOnNode (meta, value) { item.node.textContent = txtWithHiddenMeta } else if (meta.textType.indexOf('attr:') === 0) { const attr = meta.textType.replace('attr:', '') + // Drop writes to dangerous attribute names (event handlers, style) and + // reject javascript:/data:/vbscript:/file: URLs on href/src/action/etc. + if (!isSafeAttributeWrite(attr, txtWithHiddenMeta)) return item.node.setAttribute(attr, txtWithHiddenMeta) } else if (meta.textType === 'html') { const id = `${meta.textType}-${meta.children}` @@ -29,9 +90,11 @@ export function setValueOnNode (meta, value) { item.originalChildNodes = clones } + const sanitisedHtml = sanitizeTranslationHtml(txtWithHiddenMeta) + // simple case - contains all inner HTML - so just replace it if (item.children[id].length === item.node.childNodes.length) { - item.node.innerHTML = txtWithHiddenMeta + item.node.innerHTML = sanitisedHtml } else { // more complex...add somewhere in between const children = item.children[id] @@ -40,7 +103,7 @@ export function setValueOnNode (meta, value) { // append to dummy const dummy = document.createElement('div') - dummy.innerHTML = txtWithHiddenMeta + dummy.innerHTML = sanitisedHtml // loop over all childs and append them to source node before first child (the one having the startMarker) const nodes = []

--- a/src/interfaces/ws.ts +++ b/src/interfaces/ws.ts @@ -725,6 +740,20 @@ function wsInterface(app: WsApp, spark: Spark, msg: WsMessage): void { } function processLoginRequest(app: WsApp, spark: Spark, msg: WsMessage): void { + const rateLimiter = app.securityStrategy.loginRateLimiter + if (rateLimiter) { + const { allowed } = rateLimiter.check(getClientIp(app, spark)) + if (!allowed) { + spark.write({ + requestId: msg.requestId, + state: 'COMPLETED', + statusCode: 429, + message: LOGIN_RATE_LIMIT_MESSAGE + }) + return + } + } + app.securityStrategy .login(msg.login!.username, msg.login!.password)

Before: - var_export($value, return: true) After: + Utils::printable(substr($name, 0, 80))

Before: values := fmt.Sprintf("'%s',", value.(string)) After: placeholders += "?," insertValues = append(insertValues, value)

--- a/packages/plugins/@nocobase/plugin-collection-sql/src/server/resources/sql.ts +++ b/packages/plugins/@nocobase/plugin-collection-sql/src/server/resources/sql.ts @@ -103,6 +103,14 @@ export default { await next(); }, update: async (ctx: Context, next: Next) => { + const { sql } = ctx.action.params.values || {}; + if (sql) { + try { + checkSQL(sql); + } catch (e) { + ctx.throw(400, ctx.t(e.message)); + } + } const transaction = await ctx.app.db.sequelize.transaction(); try { const { upRes } = await updateCollection(ctx, transaction);

--- a/brut.apktool/apktool-lib/src/main/java/brut/androlib/res/decoder/ResFileDecoder.java +++ b/brut.apktool/apktool-lib/src/main/java/brut/androlib/res/decoder/ResFileDecoder.java @@ -100,13 +100,8 @@ public void decode(ResEntry entry, Directory inDir, Directory outDir, Map<String } // Generate output file path from entry. - String outResPath = entry.getTypeName() + entry.getConfig().getQualifiers() + "/" + entry.getName(); - if (BrutIO.detectPossibleDirectoryTraversal(outResPath)) { - LOGGER.warning("Potentially malicious file path: " + outResPath + ", using instead: " + inResPath); - outResPath = inResPath; - } else if (!ext.isEmpty()) { - outResPath += "." + ext; - } + String outResPath = entry.getTypeName() + entry.getConfig().getQualifiers() + "/" + entry.getName() + + (ext.isEmpty() ? "" : "." + ext); // Map output path to original path if it's different. String outFileName = "res/" + outResPath;

--- plugin/API/router.php +++ plugin/API/router.php - header("Access-Control-Allow-Origin: " . $HTTP_ORIGIN); -header("Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, HEAD"); -header("Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With, ua-resolution, APISecret, Origin, Accept, Access-Control-Request-Method, Access-Control-Request-Headers"); -header('Access-Control-Allow-Private-Network: true'); + +// CORS preflight handling. +// OPTIONS preflights are cross-origin by definition (same-origin requests are never +// preflighted by browsers). Returning Access-Control-Allow-Origin: * without +// Access-Control-Allow-Credentials is safe: +// - External API clients using APISecret (non-credentialed) proceed normally. +// - Credentialed attacker requests are blocked: the browser sees no +// Allow-Credentials:true in the preflight and aborts the actual request, +// so session cookies are never sent. +// Actual GET/POST responses are handled by allowOrigin(true) in get/set.json.php +// which enforces same-origin-only credentials (fixed in commit 986e64aad). if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { - header("Access-Control-Max-Age: 86400"); // Cache preflight for 24 hours - http_response_code(200); + header('Access-Control-Allow-Origin: *'); + header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS, HEAD'); + header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With, ua-resolution, APISecret, Origin, Accept, Access-Control-Request-Method, Access-Control-Request-Headers'); + header('Access-Control-Allow-Private-Network: true'); + header('Access-Control-Max-Age: 86400'); + http_response_code(204); exit; }

--- a/objects/categoryAddNew.json.php +++ b/objects/categoryAddNew.json.php @@ -19,6 +19,7 @@ $obj->msg = __("Permission denied"); die(json_encode($obj)); } +forbidIfIsUntrustedRequest('categoryAddNew'); $objCat = new Category(intval(@$_POST['id'])); $objCat->setName($_POST['name']);

Before: - const pinned = await resolvePinnedHostnameWithPolicy(parsedUrl.hostname, { - lookupFn: params.lookupFn, - policy: params.policy, - }); After: + const pinned = await resolvePinnedHostnameWithPolicy(parsedUrl.hostname, { + lookupFn: params.lookupFn, + policy: params.policy, + });

--- a/server/datasources/lunch_flow/client.go +++ b/server/datasources/lunch_flow/client.go @@ -64,7 +69,22 @@ func NewLunchFlowClient( log *slog.Logger, apiUrl string, accessToken string, + configuration config.LunchFlow, ) (LunchFlowClient, error) { + if !configuration.Enabled { + log.Error("lunch flow is not enabled on this server but the client is being instantiated!", + "bug", true, + ) + return nil, errors.New("Lunch Flow is not enabled on this server") + } + + if !configuration.IsAllowedApiUrl(apiUrl) { + log.Warn("rejected Lunch Flow API URL that is not in the configured allowlist, please update your configuration if this url is valid!", + "apiUrl", apiUrl, + ) + return nil, errors.New("Lunch Flow API URL is not in the configured allowlist") + } parsedUrl, err := url.Parse(apiUrl) if err != nil { return nil, errors.WithStack(err)

--- a/openssl/src/aes.rs +++ b/openssl/src/aes.rs @@ -243,7 +243,7 @@ pub fn unwrap_key( in_: &[u8], ) -> Result<usize, KeyError> { unsafe { - assert!(out.len() + 8 <= in_.len()); + assert!(out.len() + 8 >= in_.len());

--- a/lib/dom.js +++ b/lib/dom.js @@ -3067,6 +3108,17 @@ function serializeToString(node, buf, visibleNamespaces, opts) { case DOCUMENT_TYPE_NODE: var pubid = node.publicId; var sysid = node.systemId; + if (requireWellFormed) { + if (pubid && !g.PubidLiteral_match.test(pubid)) { + throw new DOMException('The DocumentType publicId is not a valid PubidLiteral', 'InvalidStateError'); + } + if (sysid && sysid !== '.' && !g.SystemLiteral_match.test(sysid)) { + throw new DOMException('The DocumentType systemId is not a valid SystemLiteral', 'InvalidStateError'); + } + if (node.internalSubset && node.internalSubset.indexOf(']>') !== -1) { + throw new DOMException('The DocumentType internalSubset contains "]>"', 'InvalidStateError'); + } + } buf.push(g.DOCTYPE_DECL_START, ' ', node.name); if (pubid) { buf.push(' ', g.PUBLIC, ' ', pubid);

--- a/openssl/src/md_ctx.rs +++ b/openssl/src/md_ctx.rs @@ -242,6 +242,10 @@ impl MdCtxRef { pub fn digest_final(&mut self, out: &mut [u8]) -> Result<usize, ErrorStack> { let mut len = u32::try_from(out.len()).unwrap_or(u32::MAX); + if self.size() > len as usize { + return Err(ErrorStack::get()); + } + unsafe { cvt(ffi::EVP_DigestFinal( self.as_ptr(),

--- a/kernel/server/serve.go +++ b/kernel/server/serve.go @@ -319,6 +319,11 @@ func serveExport(ginServer *gin.Engine) { } fullPath := filepath.Join(exportBaseDir, decodedPath) + if !gulu.File.IsSubPath(exportBaseDir, fullPath) { + c.Status(http.StatusUnauthorized) + return + } + if util.IsSensitivePath(fullPath) { logging.LogErrorf("refuse to export sensitive file [%s]", c.Request.URL.Path) c.Status(http.StatusForbidden)

--- a/openssl/src/ssl/callbacks.rs +++ b/openssl/src/ssl/callbacks.rs @@ -84,8 +84,10 @@ where let identity_sl = util::from_raw_parts_mut(identity as *mut u8, max_identity_len as usize); #[allow(clippy::unnecessary_cast)] let psk_sl = util::from_raw_parts_mut(psk as *mut u8, max_psk_len as usize); + let psk_cap = psk_sl.len(); match (*callback)(ssl, hint, identity_sl, psk_sl) { - Ok(psk_len) => psk_len as u32, + Ok(psk_len) if psk_len <= psk_cap => psk_len as u32, + Ok(_) => 0, Err(e) => { e.put(); 0

- const finalExtractDir = path.join(path.dirname(mcpbFilePath), `server-${manifest.name}`); - cleanupOldMcpbServer(manifest.name); + const safeServerName = validateMcpbServerName(manifest.name); + const finalExtractDir = resolveMcpbServerExtractDir(path.dirname(mcpbFilePath), safeServerName); + cleanupOldMcpbServer(safeServerName);

--- a/openssl/src/pkey_ctx.rs +++ b/openssl/src/pkey_ctx.rs @@ -820,7 +820,57 @@ impl<T> PkeyCtxRef<T> { /// /// If `buf` is set to `None`, an upper bound on the number of bytes required for the buffer will be returned. #[corresponds(EVP_PKEY_derive)] - pub fn derive(&mut self, buf: Option<&mut [u8]>) -> Result<usize, ErrorStack> { + #[allow(unused_mut)] + pub fn derive(&mut self, mut buf: Option<&mut [u8]>) -> Result<usize, ErrorStack> { + #[cfg(any(all(ossl110, not(ossl300)), libressl))] + { + if let Some(b) = buf.as_deref_mut() { + let mut required = 0; + let probe_ok = unsafe { + ffi::EVP_PKEY_derive(self.as_ptr(), ptr::null_mut(), &mut required) == 1 + }; + if !probe_ok { + let _ = ErrorStack::get(); + } else if required != usize::MAX && b.len() < required { + let mut temp = vec![0u8; required]; + let mut len = required; + unsafe { + cvt(ffi::EVP_PKEY_derive( + self.as_ptr(), + temp.as_mut_ptr(), + &mut len, + ))?; + } + let copy_len = b.len().min(len); + b[..copy_len].copy_from_slice(&temp[..copy_len]); + return Ok(copy_len); + } + } + } let mut len = buf.as_ref().map_or(0, |b| b.len()); unsafe { cvt(ffi::EVP_PKEY_derive(

--- a/lib/dom.js +++ b/lib/dom.js @@ -3062,6 +3082,20 @@ function serializeToString(node, buf, visibleNamespaces, opts) { buf.push('>'); return; case PROCESSING_INSTRUCTION_NODE: + if (requireWellFormed) { + if (node.target.indexOf(':') !== -1 || node.target.toLowerCase() === 'xml') { + throw new DOMException('The ProcessingInstruction target is not well-formed', 'InvalidStateError'); + } + if (g.InvalidChar.test(node.data)) { + throw new DOMException( + 'The ProcessingInstruction data contains characters outside the XML Char production', + 'InvalidStateError' + ); + } + if (node.data.indexOf('?>') !== -1) { + throw new DOMException('The ProcessingInstruction data contains "?>"', 'InvalidStateError'); + } + } return buf.push('<?', node.target, ' ', node.data, '?>'); case ENTITY_REFERENCE_NODE: return buf.push('&', node.nodeName, ';');

--- a/glances/plugins/ip/__init__.py +++ b/glances/plugins/ip/__init__.py @@ -71,6 +73,17 @@ def __init__(self, args=None, config=None): or self.public_api is None or self.public_field is None ) + + # Defence-in-depth: validate URL scheme to prevent SSRF via config + if not self.public_disabled and self.public_api: + parsed = urlparse(self.public_api) + if parsed.scheme not in ('http', 'https'): + logger.warning( + f"IP plugin - public_api uses forbidden scheme '{parsed.scheme}://', " + "only http:// and https:// are allowed. Public IP disabled." + ) + self.public_disabled = True + self.public_address_refresh_interval = self.get_conf_value( "public_refresh_interval", default=self._default_public_refresh_interval ) @@ -258,7 +271,10 @@ def run(self): def _fetch_public_ip_info(self): """Fetch public IP information from the configured API.""" try: - response = urlopen_auth(self.url, self.username, self.password, self.timeout).read() + if self.username and self.password: + response = urlopen_auth(self.url, self.username, self.password, self.timeout).read() + else: + response = urlopen(Request(self.url), timeout=self.timeout).read() return json_loads(response) except Exception as e: logger.debug(f"IP plugin - Cannot get public IP information from {self.url} ({e})")

--- a/glances/outputs/glances_restful_api.py +++ b/glances/outputs/glances_restful_api.py @@ -559,11 +559,25 @@ def _router(self) -> APIRouter: print(self._logo()) # Security warnings - if not self.args.password: - is_localhost = self.args.bind_address in ('127.00.1', 'localhost', '::1') + cors_origins = self.config.get_list_value('outputs', 'cors_origins', default=["*"]) + if not self.args.password and cors_origins == ["*"]: warn_lines = [ - "WARNING: Glances web server is running WITHOUT authentication.", + "WARNING: Glances web server is running without authentication and with permissive", + " CORS (Access-Control-Allow-Origin: *). Any web page reachable from your", + " browser can read system metrics. Consider binding to 127.0.0.1, enabling", + " authentication, or setting cors_origins in glances.conf.", + " See https://glances.readthedocs.io/en/latest/api/restful.html#security", ] + print('\n'.join(warn_lines) + '\n') + logger.warning( + "Glances web server is running without authentication and with permissive CORS " + "(Access-Control-Allow-Origin: *)" + ) + elif not self.args.password: + warn_lines = [ + "WARNING: Glances web server is running without authentication.", + ] is_localhost = self.args.bind_address in ('127.0.0.1', 'localhost', '::1') if is_localhost: warn_lines.append(" Use --password to enable authentication.")

--- a/api/user/user.go +++ b/api/user/user.go @@ -43,9 +43,15 @@ func InitManageUserRouter(g *gin.RouterGroup) { c.BeforeDecodeHook(encryptPassword) c.ExecutedHook(func(ctx *cosy.Ctx[model.User]) { - if ctx.Payload["password"] != "" { - a := query.AuthToken - _, _ = a.Where(a.UserID.Eq(ctx.ID)).Delete() + user.InvalidateUserCache(ctx.ID) + + if ctx.Payload["password"] != nil { + user.DeleteUserTokens(ctx.ID) + return + } + + if status, ok := ctx.Payload["status"]; ok && !cast.ToBool(status) { + user.DeleteUserTokens(ctx.ID) } }) })

Added: const OPAQUE_MUTABLE_SCRIPT_RUNNERS = new Set(["busybox", "toybox"]); Modified: function unwrapArgvForMutableOperand(argv: string[]): { argv: string[]; baseIndex: number; opaqueMultiplexerSeen: boolean; }

Before: const storeAllowFrom = await readStoreAllowFrom(); After: const storeAllowFrom = isDirectMessage ? await readStoreAllowFrom() : [];

Before: // Derive effective CDP source range: explicit config > Docker network gateway > fail-closed. let effectiveCdpSourceRange = cdpSourceRange; After: // Derive effective CDP source range: explicit config > Docker network gateway > fail-closed. let effectiveCdpSourceRange = cdpSourceRange; if (!effectiveCdpSourceRange) { const driver = await readDockerNetworkDriver(browserDockerCfg.network); const isBridgeLike = !driver || driver === "bridge"; if (isBridgeLike) { const gateway = await readDockerNetworkGateway(browserDockerCfg.network); if (gateway && !gateway.includes(":")) { effectiveCdpSourceRange = `${gateway}/32`; } } } if (!effectiveCdpSourceRange && browserDockerCfg.network.trim().toLowerCase() === "none") { effectiveCdpSourceRange = "127.0.0.1/32";

Before: - const resolvedCandidate = path.resolve(normalizedPath After: + function resolveQQBotPayloadLocalFilePath(normalizedPath: string): string | null { + const mediaDir = getQQBotDataDir(); + if (!isPathWithinRoot(normalizedPath, mediaDir)) { + return null; + } + return path.resolve(mediaDir, normalizedPath); }

+function resolveEffectiveTrustConfig(cfg: OpenClawConfig, env?: NodeJS.ProcessEnv): OpenClawConfig { + return applyPluginAutoEnable({ + config: cfg, + env: env ?? process.env, + }).config; +} + +function isTrustedWorkspaceChannelCatalogEntry( + entry: ChannelPluginCatalogEntry | undefined, + cfg: OpenClawConfig, + env?: NodeJS.ProcessEnv, +): boolean { + if (entry?.origin !== "workspace") { + return true; + } + if (!entry.pluginId) { + return false; + } + const effectiveConfig = resolveEffectiveTrustConfig(cfg, env); + return resolveEnableState( + entry.pluginId, + "workspace", + normalizePluginsConfig(effectiveConfig.plugins), + ).enabled; +} + +export function getTrustedChannelPluginCatalogEntry( + channelId: string, + params: { + cfg: OpenClawConfig; + workspaceDir?: string; + env?: NodeJS.ProcessEnv; + }, +): ChannelPluginCatalogEntry | undefined { + const candidate = getChannelPluginCatalogEntry(channelId, { + workspaceDir: params.workspaceDir, + }); + if (isTrustedWorkspaceChannelCatalogEntry(candidate, params.cfg, params.env)) { + return candidate; + } + return getChannelPluginCatalogEntry(channelId, { + workspaceDir: params.workspaceDir, + excludeWorkspace: true, + }); +} + +export function listTrustedChannelPluginCatal

Before: - config: {}, + sourceConfig: redactedResolved, + runtimeConfig: redactedConfig, + config: redactedConfig, After: + sourceConfig: redactedResolved, + runtimeConfig: redactedConfig,

Added: import { resolveManifestProviderAuthChoice } from "../../../plugins/provider-auth-choices.js"; Changed: - const loadAuthChoicePluginProvidersRuntime = createLazyRuntimeSurface( + const loadAuthChoicePluginProvidersRuntime = createLazyRuntimeSurface(( ({ authChoicePluginProvidersRuntime }) => authChoicePluginProvidersRuntime, );

Before: After: import { resolveAgentConfig, resolveAgentWorkspaceDir, resolveSessionAgentId, } from "../../agents/agent-scope.js"; +let replyMediaPathsRuntimePromise: Promise<typeof import("./reply-media-paths.runtime.js")> | null = null;

Before: ```typescript const wss = new WebSocketServer({ noServer: true }); ``` After: ```typescript const wss = new WebSocketServer({ noServer: true, maxPayload: MAX_REALTIME_MESSAGE_BYTES, });

Before: - const resolvedAuth: ResolvedGatewayAuth; After: + const getResolvedAuth = opts.getResolvedAuth ?? (() => resolvedAuth);

Before: $cmd = "wget -O {$sqlFile} {$sqlURL}"; After: $cmd = "wget -O " . escapeshellarg($sqlFile) . " " . escapeshellarg($sqlURL);

--- a/libs/application-generic/src/usecases/conditions-filter/conditions-filter.usecase.ts +++ b/libs/application-generic/src/usecases/conditions-filter/conditions-filter.usecase.ts @@ -257,6 +264,17 @@ export class ConditionsFilter extends Filter { config.headers['nv-hmac-256'] = hmac; } + const ssrfError = await validateUrlSsrf(child.webhookUrl); + + if (ssrfError) { + throw new Error( + JSON.stringify({ + message: ssrfError, + data: 'Webhook URL blocked by SSRF protection.', + }) + ); + } + try { return await axios.post(child.webhookUrl, payload, config).then((response) => {

--- a/cmd/apierrorcode_string.go +++ b/cmd/apierrorcode_string.go @@ -131,197 +131,198 @@ func _() { _ = x[ErrInvalidTagDirective-120] _ = x[ErrPolicyAlreadyAttached-121] _ = x[ErrPolicyNotAttached-122] - _ = x[ErrInvalidEncryptionMethod-123] + _ = x[ErrExcessData-123] _ = x[ErrInvalidEncryptionKeyID-124] _ = x[ErrInsecureSSECustomerRequest-125]

--- a/oxiad/common/rpc/auth/interceptor.go +++ b/oxiad/common/rpc/auth/interceptor.go @@ -98,8 +98,21 @@ func validateTokenWithContext(ctx context.Context, provider AuthenticationProvid if userName, err = provider.Authenticate(ctx, token); err != nil { slog.Debug("Failed to authenticate token", slog.String("peer", peerMeta.Addr.String()), - slog.String("token", token)) + slog.String("token", redactToken(token))) return "", err } return userName, nil } + +// redactToken returns a redacted version of a token for safe logging. +// For tokens longer than 8 characters, at most the last 8 characters are +// preserved and the rest is replaced with "[REDACTED]". Tokens of 8 characters +// or fewer are fully redacted to "[REDACTED]". +func redactToken(token string) string { + const suffixLen = 8 + const prefix = "[REDACTED]" + if len(token) <= suffixLen { + return prefix + } + return prefix + token[len(token)-suffixLen:] +}

--- a/plugin/Live/test.php +++ b/plugin/Live/test.php @@ -1,3 +1,8 @@ <?php + +require_once dirname(__FILE__) . '/../../videos/configuration.php'; + +if (!User::isAdmin()) { + http_response_code(403); + exit('Forbidden'); +} $timeStarted = microtime(true);

Before: - const pinned = await resolvePinnedHostnameWithPolicy(parsedUrl.hostname, { - lookupFn: params.lookupFn, - policy: params.policy, - }); After: + const pinned = await resolvePinnedHostnameWithPolicy(parsedUrl.hostname, { + lookupFn: params.lookupFn, + policy: params.policy, + });

Before: for _, tag := range dangerousTags { delete(metadata, tag) } After: for key := range metadata { for _, tag := range dangerousTags { if strings.EqualFold(key, tag) { delete(metadata, key) } } }

Before: const next = { ...process.env, ...backend.env }; After: const next = sanitizeHostExecEnv({ baseEnv: process.env, overrides: backend.env, blockPathOverrides: true, });

Before: ```php try{ $responseData = json_decode($packet->formData, true, self::MAX_FORM_RESPONSE_DEPTH, JSON_THROW_ON_ERROR); } catch(\JsonException $e){ // Handle exception } ``` After: ```php if(strlen($packet->formData) > self::MAX_FORM_RESPONSE_SIZE){ throw new PacketHandlingException("Form response data too large, refusing to decode (received" . strlen($packet->formData) . " bytes, max " . self::MAX_FORM_RESPONSE_SIZE . " bytes)"); } try{ $responseData = json_decode($packet->formData, true, self::MAX_FORM_RESPONSE_DEPTH, JSON_THROW_ON_ERROR); } catch(\JsonException $e){ // Handle exception }

Before: if params.RedirectURI != nil { redirectURL = *params.RedirectURI } After: if !validators.IsValidOrigin(redirectURL, g.Config.AllowedOrigins) { log.Debug().Msg("Invalid redirect URI") return nil, fmt.Errorf("invalid redirect URI") }

Before: const fetchImpl = params.fetchImpl ?? fetch; After: const externalFetchImpl = params.fetchImpl; const guardedFetchImpl: typeof f

Before: - const citedContent = await resolveAllCites(content.content); After: + // Resolve any cited/quoted messages first + const citedContent = await resolveAllCites(content.content);

--- a/pkg/reconciler/pipelinerun/pipelinerun.go +++ b/pkg/reconciler/pipelinerun/pipelinerun.go @@ -367,6 +367,13 @@ func (c *Reconciler) resolvePipelineState( ) (resources.PipelineRunState, error) { ctx, span := c.tracerProvider.Tracer(TracerName).Start(ctx, "resolvePipelineState") defer span.End(); + + // List VerificationPolicies once per reconcile for trusted resources (used by all pipeline tasks). + vp, err := c.verificationPolicyLister.VerificationPolicies(pr.Namespace).List(labels.Everything()) + if err != nil { + return nil, fmt.Errorf("failed to list VerificationPolicies from namespace %s with error %w", pr.Namespace, err) + } + // Resolve each pipeline task individually because they each could have a different reference context (remote or local). for _, pipelineTask := range pipelineTasks { // We need the TaskRun name to ensure that we don't perform an additional remote resolution request for a PipelineTask @@ -377,12 +384,6 @@ func (c *Reconciler) resolvePipelineState( pr.Name, ) - // list VerificationPolicies for trusted resources - vp, err := c.verificationPolicyLister.VerificationPolicies(pr.Namespace).List(labels.Everything()) - if err != nil { - return nil, fmt.Errorf("failed to list VerificationPolicies from namespace %s with error %w", pr.Namespace, err) - } - getChildPipelineRunFunc := func(name string) (*v1.PipelineRun, error) { return c.pipelineRunLister.PipelineRuns(pr.Namespace).Get(name) }

-if (empty($_GET['users_id'])) { - if (!User::isAdmin()) { - $_GET['users_id'] = User::getId(); - } +if (!User::isAdmin()) { + // Non-admin users are always restricted to their own records. + // The empty() guard was bypassable by supplying users_id explicitly (IDOR). + $_GET['users_id'] = User::getId(); }

Before: $tryFile = "{$global['systemRootPath']}{$encoder}videos/{$parts[1]}"; After: $videosBaseDir = realpath("{$global['systemRootPath']}{$encoder}videos"); $realTryFile = realpath($tryFile); if ($videosBaseDir === false || $realTryFile === false || strpos($realTryFile, $videosBaseDir . DIRECTORY_SEPARATOR) !== 0 ) { _error_log("try_get_contents_from_local: blocked path traversal attempt for url={$url}"); return false; }

- - reply: (text: string) => Promise<void>, + meta: { eventId: string; createdAt: number }, + ) => Promise<void>; + + /** Called before expensive crypto to allow sender policy checks (optional) */ + authorizeSender?: (params: { + senderPubkey: string; + reply: (text: string) => Promise<void>; + }) => Promise<'allow' | 'block' | 'pairing'>;

Before: - handler := graphqlServer.CreateHandler(schemaProvider.GetSchema()) After: + gqlHandler := graphqlServer.CreateHandler(schemaProvider.GetSchema()) + handler := queryvalidation.Middleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Header.Get("Accept") == "text/event-stream" { + graphqlServer.HandleSubscription(w, r, gqlHandler.Schema) + return + } + gqlHandler.Handler.ServeHTTP(w, r) + }), queryvalidation.Config{ + MaxDepth: limits.MaxQueryDepth, + })

--- a/glances/exports/glances_cassandra/__init__.py +++ b/glances/exports/glances_cassandra/__init__.py @@ -47,6 +61,17 @@ def __init__(self, config=None, args=None): if not self.export_enable: sys.exit(2) + # Validate CQL identifiers to prevent injection via config values + try: + self.keyspace = _validate_cql_identifier(self.keyspace, 'keyspace') + self.table = _validate_cql_identifier(self.table, 'table') + self.replication_factor = int(self.replication_factor) + if self.replication_factor < 1: + raise ValueError("replication_factor must be a positive integer") + except ValueError as e: + logger.critical(f"Cassandra configuration error: {e}") + sys.exit(2)

--- a/src/server/auth-client.ts +++ b/src/server/auth-client.ts - private proxyFetchers: { [audience: string]: Fetcher<Response> } = {}; + private proxyDpopHandles: { [audience: string]: oauth.DPoPHandle } = {}; --- a/src/server/auth-client.ts +++ b/src/server/auth-client.ts - let fetcher: Fetcher<Response>; - if (this.provider) { - fetcher = await this.provider.getProxyFetcher(cacheKey, async () => { - return this.fetcherFactory({ - useDPoP: this.useDPoP, - fetch: this.fetch, - getAccessToken: getAccessToken - }); - }); - } else { - // Static mode or no provider: use local cache - fetcher = this.proxyFetchers[options.audience]; - if (!fetcher) { - fetcher = await this.fetcherFactory({ - useDPoP: this.useDPoP, - fetch: this.fetch, - getAccessToken: getAccessToken - }); - this.proxyFetchers[options.audience] = fetcher; - } - } + const dpopHandle = + this.useDPoP && this.dpopKeyPair + ? (this.proxyDpopHandles[options.audience] ??= oauth.DPoP( + this.clientMetadata, + this.dpopKeyPair + )) + : undefined; - // Override getAccessToken for the current request - // @ts-expect-error Override fetcher's getAccessToken to capture token set side effects - fetcher.getAccessToken = getAccessToken; + const fetcher = await this.fetcherFactory({ + useDPoP: this.useDPoP, + fetch: this.fetch, + getAccessToken, + dpopHandle + });

Before: <time class="duration"><?php echo Video::getCleanDuration($value['duration']); ?></time> After: <time class="duration"><?php echo htmlspecialchars(Video::getCleanDuration($value['duration']), ENT_QUOTES, 'UTF-8'); ?></time>

Added autoCSRFGuard function: function autoCSRFGuard($baseName) { global $global; // Respect existing full bypass (encoder callbacks, CLI, etc.) if (!empty($global['bypassSameDomainCheck']) || isCommandLineInterface()) { return; } // Per-request opt-out — must be set before configuration.php loads if (!empty($global['skipAutoCSRFCheck'])) { return; } // Built-in bypass list. // Groups: // auth/signup — accept calls from mobile apps & external clients // public reads — use POST params for filtering, but mutate nothing // public write — like/view/subscribe actions open to all users // encoder — authenticated via video-hash token, not session static $builtinBypass = [ // Auth & account management 'login.json.php', 'userCrea

Added line: - forbidIfIsUntrustedRequest('categoryDeleteAssets'); - forbidIfIsUntrustedRequest('commentAddNew'); - forbidIfIsUntrustedRequest('comments_like');

Before: - $_GET['livelink'] = $headers[

Before: if (User::isAdmin() && $_SESSION["palavra"] === 'admin') { return true; } After: $stored = $_SESSION["palavra"]; unset($_SESSION["palavra"]); // always consume on any attempt to prevent brute-force if (User::isAdmin() && $stored === 'admin') { return true; }

Before: - const bodyResult = await readJsonBodyWithLimit(req, { + const rawBody = await readRequestBodyWithLimit(req, { After: + const parsed = JSON.parse(rawBody) as unknown; + return isFeishuWebhookPayload(parsed) ? parsed : null;

Before: if (fn[0] == '.' && fn[1] == '.' && fn[2] == '/') return 1; After: if (fn[0] == '.' && fn[1] == '.' && (fn[2] == '/' || fn[2] == '\0')) return 1;

Before: - let cookie = `${name}=${value}` After: + if (!validCookieNameRegEx.test(name)) { + throw new Error('Invalid cookie name') + } + let cookie = `${name}=${value}`

- if (isset($event->settings['custom_less']) && preg_match('/@import|data-uri\s*\(/i', $event->settings['custom_less'])) { - throw new ValidationException([ - 'custom_less' => $translator->trans('core.admin.appearance.custom_styles_cannot_use_less_features') - ]); + foreach ($lessFeatureKeys as $key) { + if (is_string($event->settings[$key]) && preg_match('/@import|data-uri\s*\(/i', $event->settings[$key])) { + throw new ValidationException([ + $key => $translator->trans('core.admin.appearance.custom_styles_cannot_use_less_features') + ]); + }

Before: this.name = this.options.name || this._getHostname(); After: this.name = (this.options.name || this._getHostname()).toString().replace(/[ ]+/g, '');

Before: // One rate limiter per account, created lazily const rateLimiters = new Map<string, RateLimiter>(); After: const invalidTokenRateLimiters = new Map<string, InvalidTokenRateLimiter>(); const PREAUTH_MAX_REQUESTS_PER_MINUTE = 10; const INVALID_TOKEN_WINDOW_MS = 60_000; const INVALID_TOKEN_MAX_TRACKED_KEYS = 5_000; class InvalidTokenRateLimiter { private readonly limit: number; private readonly state = new Map<string, InvalidTokenRateLimitState>(); constructor(limit: number) { this.limit = limit; } // ... (rest of the class implementation) }

--- a/openc3/python/openc3/models/tool_config_model.py +++ b/openc3/python/openc3/models/tool_config_model.py @@ -9,12 +9,15 @@ # This file may also be used under the terms of a commercial license # if purchased from OpenC3, Inc. +import re from typing import Any from openc3.environment import OPENC3_SCOPE from openc3.utilities.local_mode import LocalMode from openc3.utilities.store import Store +PATH_TRAVERSAL_PATTERN = re.compile(r"[/\]|\.\.") + class ToolConfigModel: @classmethod @@ -26,11 +29,17 @@ def config_tool_names(cls, scope: str = OPENC3_SCOPE): @classmethod def list_configs(cls, tool: str, scope: str = OPENC3_SCOPE): + if PATH_TRAVERSAL_PATTERN.search(tool): + raise RuntimeError(f"Invalid tool name: {tool}") keys = Store.hkeys(f"{scope}__config__{tool}") return [key.decode() for key in keys] @classmethod def load_config(cls, tool: str, name: str, scope: str = OPENC3_SCOPE): + if PATH_TRAVERSAL_PATTERN.search(tool): + raise RuntimeError(f"Invalid tool name: {tool}") + if PATH_TRAVERSAL_PATTERN.search(name): + raise RuntimeError(f"Invalid config name: {name}") return Store.hget(f"{scope}__config__{tool}", name).decode()

Before: - await process_image(url) After: + _validate_url(url) + if _is_private_ip(parsed.hostname): + raise HTTPException(status_code=400, detail='Private IP addresses are not allowed.') + await process_image(url)

Before: - if($packet->actorRuntimeId !== $this->player->getId()){ - //TODO HACK: EATING_ITEM is sent back to the server when the server sends it for other players (1.14 bug, maybe earlier) - return $packet->actorRuntimeId === ActorEvent::EATING_ITEM; - } After: + return true; //not used

--- a/plugins/database/postgresql/postgresql.go +++ b/plugins/database/postgresql/postgresql.go @@ -445,7 +445,7 @@ func (p *PostgreSQL) defaultDeleteUser(ctx context.Context, username string) err } revocationStmts = append(revocationStmts, fmt.Sprintf( `REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA %s FROM %s;`, - (schema), + dbutil.QuoteIdentifier(schema), dbutil.QuoteIdentifier(username)))

Before: - const response = await fetch(url, { - signal: controller.signal, - headers: { - Range: "bytes=0-65535", - "User-Agent": "QQBot-Image-Size-Detector/1.0", - }, - }); After: + const response = await fetchRemoteMedia(url, { + signal: controller.signal, + headers: { + Range: "bytes=0-65535", + "User-Agent": "QQBot-Image-Size-Detector/1.0", + }, + policy: IMAGE_PROBE_SSRF_POLICY, + });

Before: if (approvers.length === 0) { return { authorized: true } as const; } After: if (approvers.length === 0) { // Empty approver sets are implicit same-chat fallback, not explicit approver bypass. return markImplicitSameChatAppro }

Added the following code to enforce SSRF policy: ```typescript const EXISTING_SESSION_INTERACTION_NAVIGATION_RECHECK_DELAYS_MS = [0, 250, 500] as const; async function assertExistingSessionPostInteractionNavigationAllowed(params: { profileName: string; userDataDir?: string; targetId: string; ssrfPolicy?: BrowserNavigationPolicyOptions["ssrfPolicy"]; }): Promise<void> { const ssrfPolicyOpts = withBrowserNavigationPolicy(params.ssrfPo

Added function: ```typescript async function assertPostInteractionNavigationSafe(opts: { cdpUrl: string; page: Awaited<ReturnType<typeof getPageForTargetId>>; ssrfPolicy?: SsrFPolicy; targetId?: string; }): Promise<void> { ... } ``` Modified `clickViaPlaywright` to include `ssrfPolicy`: ```typescript export async function clickViaPlaywright(opts: { cdpUrl: string; targetId?: string; modifiers?: Array<'Alt' | 'Control' | 'ControlOrMeta' | 'Meta' | 'Shift'>; delayMs?: number; timeoutMs?: number; ssrfPolicy?: SsrFPolicy; }): Promise<void> { ... }

Before: if (firstToken === "on" || firstToken === "off") { } After: if (requiresAdminToMutateDreaming(ctx.gatewayClientScopes)) { return { text: "⚠️ /dreaming on|off requires operator.admin for gateway clients." }; }

Before: - name: value.name, After: + name: safeName,

Added blocked keys: + "BROWSER_EXECUTABLE_PATH", + "CLAWHUB_AUTH_TOKEN", + "CLAWHUB_CONFIG_PATH", + "CLAWHUB_TOKEN", + "CLAWHUB_URL", + "OPENAI_API_KEY", + "OPENAI_API_KEYS", + "OPENCLAW_ALLOW_INSECURE_PRIVATE_WS", + "OPENCLAW_ALLOW_PROJECT_LOCAL_BIN", + "OPENCLAW_BROWSER_EXECUTABLE_PATH", + "OPENCLAW_CACHE_TRACE", + "OPENCLAW_CACHE_TRACE_FILE", + "OPENCLAW_CACHE_TRACE_MESSAGES", + "OPENCLAW_CACHE_TRACE_PROMPT", + "OPENCLAW_CACHE_TRACE_SYSTEM", + "OPENCLAW_GATEWAY_PORT", + "OPENCLAW_GATEWAY_URL", + "OPENCLAW_MPM_CATALOG_PATHS", + "OPENCLAW_NODE_EXEC_FALLBACK", + "OPENCLAW_NODE_EXEC_HOST", + "OPENCLAW_PLUGIN_CATALOG_PATHS", + "OPENCLAW_RAW_STREAM", + "OPENCLAW_RAW_STREAM_PATH", + "OPENCLAW_SHOW_SECRETS", + "OPENCLAW_TEST_TAILSCALE_BINARY", + "PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH", Added blocked suffixes: +const BLOCKED_WORKSPACE_DOTENV_SUFFIXES = ["_BASE_URL"];

Before: - res.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, proxy-revalidate"); - res.setHeader("Pragma", "no-cache"); - res.setHeader("Expires", "0"); After: + if (!hasVerifiedBrowserAuth(req)) { + res.status(401).send("Unauthorized"); + return; + } + res.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, proxy-revalidate"); + res.setHeader("Pragma", "no-cache"); + res.setHeader("Expires", "0");

Before: if (element) { return jsonError(res, 400, EXISTING_SESSION_LIMITS.snapshot.screenshotElement); } After: if (ssrfPolicyOpts.ssrfPolicy) { await assertBrowserNavigationResultAllowed({ url: tab.url, ...ssrfPolicyOpts, }); }

Before: const SANDBOX_MEDIA_PARAM_KEYS = ["media", "path", "filePath", "mediaUrl", "fileUrl"] as const; After: const SANDBOX_MEDIA_PARAM_KEYS = ["media", "path", "filePath", "mediaUrl", "fileUrl", "image"] as const;

Before: wsUrl = opts.cdpUrl; After: + await assertCdpEndpointAllowed(opts.cdpUrl, opts.ssrfPolicy); wsUrl = opts.cdpUrl;

Added isDefaultMemoryPath function: function isDefaultMemoryPath(relPath: string): boolean { const normalized = relPath.trim().replace(/^.\//, "").replace(/\\g/, "/"); if (!normalized) { return false; } if ( normalized === "MEMORY.md" || normalized === "memory.md" || normalized === "DREAMS.md" || normalized === "dreams.md" ) { return true; } return normalized.startsWith("memory/"); } Modified buildQmdProcessPath to use isDefaultMemoryPath: function buildQmdProcessPath(rawPath: string | undefined): string { const nodeBinDir = path.dirname(process.execPath); const entries = rawPath?.split(path.delimiter).filter(Boolean) ?? []; return entries.map(entry => { if (!isDefaultMemoryPath(entry)) { throw new Error("Invalid memory path"); } return entry; }).join(path.delimiter); }

--- a/src/infra/heartbeat-runner.ts +++ b/src/infra/heartbeat-runner.ts @@ -917,7 +952,7 @@ MessageThreadId: delivery.threadId, Provider: hasExecCompletion ? "exec-event" : hasCronEvents ? "cron-event" : "heartbeat", SessionKey: runSessionKey, - ForceSenderIsOwnerFalse: hasExecCompletion, + ForceSenderIsOwnerFalse: hasExecCompletion || hasUntrustedPendingEvents, }; if (!visibility.showAlerts && !visibility.showOk && !visibility.useIndicator) { emitHeartbeatEvent({

- return normalizeLowercaseStringOrEmpty(evt).includes("exec finished"); + const normalized = normalizeLowercaseStringOrEmpty(evt).trimStart(); return ( /^exec finished(?::|\s*\()/.test(normalized) || /^exec (completed|failed) \([a-z0-9_-]{1,64}, (code -?\d+|signal [^)]+)\)( :: .*)?$/.test( normalized, ) );

- const shellPayload = command.shellPayload; + const shellWrapperInvocation = isShellWrapperInvocation(command.argv);

Before: - const filePath = record?.path; After: + let normalizedRecord: Record<string, unknown> | undefined; + for (const key of pathParamKeys) { + const filePath = record?.[key]; + if (typeof filePath !== "string" || !filePath.trim()) { + continue; + } + // Path validation and normalization logic here + }

Before: - return readLocalFileSafely(resolvePathFromInput(params.cfg, params.agentId || '', params.workspaceDir || '')); After: + if (!isAgentScopedHostMediaReadAllowed(params)) { + return undefined; + } + const resolvedPath = resolvePathFromInput(params.cfg, params.agentId || '', params.workspaceDir || ''); + return readLocalFileSafely(resolvedPath);

Added functions: resolveFollowupAuthorizationKey(run: FollowupRun["run"]): string splitCollectItemsByAuthorization(items: FollowupRun[]): FollowupRun[][] Modified function: resolveOriginRoutingMetadata(items: FollowupRun[]): OriginRoutingMetadata

Added a new function `didCrossDocumentUrlChange`: ```typescript function didCrossDocumentUrlChange(page: { url(): string }, previousUrl: string): boolean { return page.url() !== previousUrl; }

Before: await resolvePinnedHostnameWithPolicy(parsed.hostname, { policy: ssrfPolicy, }); After: try { await resolvePinnedHostnameWithPolicy(parsed.hostname, { policy: ssrfPolicy, }); } catch (err) { if (err instanceof SsrFBlockedError) { throw new BrowserCdpEndpointBlockedError({ cause: err }); } throw err; }

Before: - try { - await resolvePinnedHostnameWithPolicy(parsed.hostname, { - policy: ssrfPolicy, - }); - } catch (err) { - // Rethrow SSRF policy failures against the CDP endpoint itself as a - // browser-endpoint-scoped error so the route mapping does not confuse - // them with navigation-target policy blocks. - if (err instanceof SsrFBlockedError) { - throw new BrowserCdpEndpointBlockedError({ cause: err }); - } - throw err; - } After: + await resolvePinnedHostnameWithPolicy(parsed.hostname, { + policy: ssrfPo

Before: return new BaseOidcClientWithCache(new BaseOidcClientJersey(oidcProviderRealmBaseUrl, oidcProviderDiscoveryPath, trustStore, keyStore, keyStore == null ? null : keyStorePassword, proxyUrl, proxyUsername, proxyPassword, buildInfoReader().getUserAgentValue(), oidcProviderClientTimeoutConnect(), After: return new BaseOidcClientWithCache(new BaseOidcClientJersey(oidcProviderRealmBaseUrl, oidcProviderDiscoveryPath, trustStore, keyStore, keyStore == null ? null : keyStorePassword, proxyUrl, proxyUsername, proxyPassword, buildInfoReader().getUserAgentValue(), oidcProviderClientTimeoutConnect(), oidcProviderClientCacheConfigurationResourceTimeout, oidcProviderClientCacheJwksResourceTimeout

Before: $this->logger->debug($packet->getName() . ": " . base64_encode($buffer)); After: $debugSegment = substr($buffer, 0, 1024); $debugSegmentLength = strlen($debugSegment); $fullLength = strlen($buffer); $truncatedLabel = $debugSegmentLength === $fullLength ? "" : " ... (" . ($fullLength - $debugSegmentLength) . " bytes not shown)"; $this->logger->debug($label . ": " . $packet->getName() . " ($fullLength bytes): " . base64_encode($debugSegment) . $truncatedLabel);

--- a/src/gql/resolvers/mutations/Asset.php +++ b/src/gql/resolvers/mutations/Asset.php @@ -251,6 +251,10 @@ protected function handleUpload(AssetElement $asset, array $fileInformation): bo } elseif (!empty($fileInformation['url'])) { $url = $fileInformation['url']; + if (!$this->validateScheme($url)) { + throw new UserError("$url contains an invalid scheme."); + } + if (!$this->validateHostname($url)) { throw new UserError("$url contains an invalid hostname."); } @@ -297,6 +301,13 @@ protected function handleUpload(AssetElement $asset, array $fileInformation): bo return true; } + private function validateScheme(string $url): bool + { + // block Gopher/File/FTP Smuggling + $scheme = parse_url($url, PHP_URL_SCHEME); + return in_array(strtolower($scheme), ['http', 'https'], true); + } private function validateHostname(string $url): bool {

Before: - $resp->error = !unlink("{$clonesDir}{$_GET['deleteDump']}"); After: + // Security: Strip path traversal components and validate path stays within clonesDir + $deleteDump = basename($_GET['deleteDump']); + $filePath = "{$clonesDir}{$deleteDump}"; + $realFilePath = realpath($filePath); + $realClonesDir = realpath($clonesDir); + if ($realFilePath === false || $realClonesDir === false || strpos($realFilePath, $realClonesDir) !== 0) { + $resp->msg = "Invalid file path"; + die(json_encode($resp)); + } + $resp->error = !unlink($realFilePath);

Before: luteEngine := lute.New() After: luteEngine := lute.New() luteEngine.SetSanitize(true)

--- a/src/controllers/AppController.php +++ b/src/controllers/AppController.php @@ -110,17 +112,23 @@ public function actionResourceJs(string $url): Response { $this->requireCpRequest(); - if (!str_starts_with($url, Craft::$app->getAssetManager()->baseUrl)) { + $assetManager = Craft::$app->getAssetManager(); + $baseUrl = StringHelper::ensureRight($assetManager->baseUrl, '/'); + if (!str_starts_with($url, $baseUrl)) { throw new BadRequestHttpException("$url does not appear to be a resource URL"); } - // Close the PHP session in case this takes a while - Session::close(); + $resourceUri = preg_replace('/^(.*)\?.*/', '$1', substr($url, strlen($baseUrl))); - $response = Craft::createGuzzleClient()->get($url); - $this->response->setCacheHeaders(); - $this->response->getHeaders()->set('content-type', 'application/javascript'); - return $this->asRaw($response->getBody()); + try { + $publishedPath = App::resourcePathByUri($resourceUri); + } catch (InvalidArgumentException $e) { + throw new BadRequestHttpException($e->getMessage(), previous: $e); + } + + return $this->response->sendFile($publishedPath, null, [ + 'inline' => true, + ]); }

--- a/src/controllers/UsersController.php +++ b/src/controllers/UsersController.php @@ -1261,6 +1261,10 @@ public function actionSavePermissions(): Response { $this->requireCpRequest(); + if (!$this->showPermissionsScreen()) { + throw new ForbiddenHttpException('User not authorized to perform this action.'); + } + $currentUser = static::currentUser(); $user = $this->editedUser((int)$this->request->getRequiredBodyParam('userId')); @@ -2784,6 +2788,10 @@ private function _saveUserPermissions(User $user, User $currentUser): void */ private function _saveUserGroups(User $user, User $currentUser): void { + if (!$currentUser->canAssignUserGroups()) { + return; + } + $groupIds = $this->request->getBodyParam('groups');

Before: ``` $Link['element']['attributes']['href'] = ''; ```After: ``` if ($href !== '' && !preg_match('/^(https?://|mailto:|/|#)/i', $href)) { $Link['element']['attributes']['href'] = ''; }

Before: removeMatchingHeaders(/^(?:(?:proxy-)?authorization|cookie)$/i, this._options.headers); After: removeMatchingHeaders(this._headerFilter, this._options.headers);

Before: - configPath, - stateDir: STATE_DIR, After: + if (opts?.includeSensitive === true) { + const auth = resolveGatewayAuth({ authConfig: cfg.gateway?.auth, env: process.env }); + // Surface resolved paths only to admin callers that already have broader gateway access. + snapshot.configPath = createConfigIO().configPa

Before: if (action === "set") { After: if (ctx.channel === "webchat" && !ctx.gatewayClientScopes?.includes("operator.admin")) { return { text: `⚠️ ${commandLabel} set requires operator.admin for gateway clients.` };

Before: - existing.map((entry) => - fs.rm(path.join(params.targetDir, entry), { - recursive: true, - force: true, - }), - ), After: + existing + .filter((entry) => !isExcluded(entry)) + .map((entry) => + fs.rm(path.join(params.targetDir, entry), { + recursive: true, + force: true, + }), + ),

Before: - await mkdir(mediaDir, { recursive: true }); After: + const MAX_IMAGES_PER_MESSAGE = 8; + const TLON_MEDIA_DOWNLOAD_IDLE_TIMEOUT_MS = 30_000;

Before: self.screen.navigate(to: initialUrl) After: self.screen.navigate(to: initialUrl, trustA2UIActions: true)

Before: - readFileAsync(payloadPath); After: + const allowedPath = validateStructuredPayloadLocalPath(ctx, payloadPath, mediaType); + if (allowedPath) { + return readFileAsync(allowedPath); + }

Before: - const key = normalizeEnvVarKey(rawKey, { portable: true }); After: + const key = normalizeHostOverrideEnvVarKey(rawKey);

Before: if (normalizedHost === "localhost") {<br>After: const canonicalHost = normalizedHost.replace(/\.+$/, ");<br>&nbsp;&nbsp;if (canonicalHost === "localhost") {

Before: - const visibilityRequesterKey = effectiveRequesterKey.trim(); After: + const visibilityRequesterKey = (opts?.agentSessionKey ?? effectiveRequesterKey).trim(); Before: - let requestedKeyRaw = requestedKeyParam ?? opts?.agentSessionKey; After: + const requestedKeyInput = requestedKeyRaw?.trim() ?? "";

Before: - function timingSafeEqualString(left: string, right: string): boolean { - const leftBuffer = Buffer.from(left, "utf8"); - const rightBuffer = Buffer.from(right, "utf8"); - if (leftBuffer.length !== rightBuffer.length) { - return false; - } - return crypto.timingSafeEqual(leftBuffer, rightBuffer); - } After: + import { safeEqualSecret } from "openclaw/plugin-sdk/browser-support"; + // ... + return safeEqualSecret(computedSignature, signature);

Before: - throw new Error(`OpenShell remote path must be absolute: ${candidate}`); After: + if (!isManagedOpenShellRemotePath(normalized)) { + throw new Error( + `OpenShell ${fieldName} must stay under ${OPEN_SHELL_MANAGED_REMOTE_ROOTS.join(

- const key = `${target.path}:${target.account.accountId}:${update.event_name}:${messageId}`; + const chatId = update.message?.chat?.id ?? ""; const senderId = update.message?.from?.id ?? ""; const key = [target.path, target.account.accountId, update.event_name, chatId, senderId, messageId].join(":");

Before: if (token === "node") { const tail = argv.slice(idx + 1); const normalizedTail = tail[0] === "--" ? tail.slice(1) : tail; return normalizedTail; } After: if (token === "dlx") { return unwrapPnpmDlxInvocation(argv.slice(idx + 1)); } if (token === "node") { const tail = argv.slice(idx + 1); const normalizedTail = tail[0] === "--" ? tail.slice(1) : tail; return normalizedTail; }

-const SHELL_WRAPPER_DISQUALIFYING_SCRIPT_OPTIONS = ["--rcfile", "--init-file", "--startup-file"] as const; +function hasDisqualifyingShellWrapperScriptOption(token: string): boolean { + return SHELL_WRAPPER_DISQUALIFYING_SCRIPT_OPTIONS.some( + (option) => token === option || token.startsWith(`${option}=`), + ); +} -idx += 2; +if (hasDisqualifyingShellWrapperScriptOption(token)) { + return undefined; +}

Before: - const sorted = reqs.slice().toSorted((a, b) => resolveLastSeenAt(a) - resolveLastSeenAt(b)); - return { requests: sorted.slice(-maxPending), removed: true }; After: + const grouped = new Map<string, number[]>(); + for (const [index, entry] of reqs.entries()) { + const accountId = resolvePairingRequestAccountId(entry); + const current = grouped.get(accountId); + if (current) { + current.push(index); + continue; + } + grouped.set(accountId, [index]); + } + for (const indexes of grouped.values()) { + if (indexes.length <= maxPending) { + continue; + } + const sortedIndexes = indexes + .slice() + .toSorted((left, right) => resolveLastSeenAt(reqs[left]) - resolveLastSeenAt(reqs[right])); + for (const index of sortedIndexes.slice(0, sortedIndexes.length - maxPending)) { + droppedIndexes.add(index); + } + }

Before: return SubPath / safePath; After: var delegatePath = SubPath / safePath; if (delegatePath != SubPath && !delegatePath.IsInDirectory(SubPath, true)) { throw new UnauthorizedAccessException($

src/block/BaseSign.php @@ -130,7 +130,9 @@ public function onPostPlace() : void{ - if($player instanceof Player){ + //TODO: HACK! We really shouldn't be keeping disconnected players (and generally flagged-for-despawn entities) + //in the world's entity table, but changing that is too risky for a hotfix. This workaround will do for now. + if($player instanceof Player && $player->isConnected()){ $player->openSignEditor($this->position); } } src/entity/object/ExperienceOrb.php @@ -163,7 +163,9 @@ public function getTargetPlayer() : ?Human{ - if($entity instanceof Human){ + //TODO: HACK! We really shouldn't be keeping disconnected players (and generally flagged-for-despawn entities) + //in the world's entity table, but changing that is too risky for a hotfix. This workaround will do for now. + if($entity instanceof Human && !$entity->isFlaggedForDespawn()){ return $entity; } }

- const content = await (isRemotePath(href) ? fetch(imageSrc) : assets.fetch(imageSrc)); + const content = await (isRemotePath(href) + ? fetch(imageSrc, { redirect: 'manual' }) + : assets.fetch(imageSrc)); + + if (content.status >= 300 && content.status < 400) { + return new Response('Not Found', { status: 404 }); + }

--- a/internal/sanitize/sanitize.go +++ b/internal/sanitize/sanitize.go @@ -237,6 +239,15 @@ func rawState(l *sqlLexer) stateFn { l.start = l.pos return placeholderState } + if tagLen, ok := scanDollarQuoteTag(l.src[l.pos:]); ok { + l.dollarTag = l.src[l.pos : l.pos+tagLen] + l.pos += tagLen + 1 + return dollarQuoteState + } case '-': nextRune, width := utf8.DecodeRuneInString(l.src[l.pos:]) if nextRune == '-' {

--- a/openssl/src/util.rs +++ b/openssl/src/util.rs @@ -55,6 +55,7 @@ where })); match result { + Ok(Ok(len)) if len > size as usize => 0, Ok(Ok(len)) => len as c_int, Ok(Err(_)) => { // FIXME restore error stack

--- a/builtin/credential/cert/path_login.go +++ b/builtin/credential/cert/path_login.go @@ -162,6 +165,7 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra auth := &logical.Auth{ InternalData: map[string]interface{}{ + "certificate": cert, "subject_key_id": skid, "authority_key_id": akid, }, @@ -238,10 +242,14 @@ func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *f clientCerts := req.Connection.ConnState.PeerCertificates if len(clientCerts) == 0 { return logical.ErrorResponse("no client certificate found"), nil } - skid := base64.StdEncoding.EncodeToString(clientCerts[0].SubjectKeyId) - akid := base64.StdEncoding.EncodeToString(clientCerts[0].AuthorityKeyId) - // Certificate should not only match a registered certificate policy. - // Also, the identity of the certificate presented should match the identity of the certificate used during login - if req.Auth.InternalData["subject_key_id"] != skid && req.Auth.InternalData["authority_key_id"] != akid { - return nil, errors.New("client identity during renewal not matching client identity used during login") + // We want to ensure the original request certificate and this + // certificate match. A renewed certificate does not match and thus + // will be rejected. + originalCertRaw, err := base64.StdEncoding.DecodeString(certBase64.(string)) + if err != nil { + return nil, fmt.Errorf("failed to base64-decode original certificate: %w", err) + } + + if subtle.ConstantTimeCompare(originalCertRaw, clientCerts[0].Raw) == 0 { + return nil, fmt.Errorf("client identity during renewal not matching client identity used during login:\n\toriginal: %v\n\trenewal: %v", originalCertRaw, matched.Certificates[0].Raw) } }

Before: -async function isFeedbackInvokeAuthorized(context: MSTeamsTurnContext, deps: MSTeamsMessageHandlerDeps): Promise<boolean> { After: +async function isInvokeAuthorized(params: { context: MSTeamsTurnContext; deps: MSTeamsMessageHandlerDeps; deniedLogs: { dm: string; channel: string; group: string }; includeInvokeName?: boolean }): Promise<boolean> { + const { context, deps, deniedLogs, includeInvokeName = false } = params; Before: - deps.log.debug?.("dropping feedback invoke (dm sender not allowlisted)", { After: + deps.log.debug?.(deniedLogs.dm, { Before: - deps.log.debug?.("dropping feedback invoke (not in team/channel allowlist)", { After: + deps.log.debug?.(deniedLogs.channel, { Before: - deps.log.debu

Before: + /** Session context needed to preserve outbound media policy on recovery. */ + session?: OutboundSessionContext; After: - mirror: params.mirror, + session: params.session,

Before: - // ... (omitted) After: +//! Sponge-based hash functions built from cryptographic permutations. +//! ... (additional documentation and code)

Before: - const fileExists = await fs.access(filePath); After: + try { + const fileContent = await readFileWithinRoot(filePath); + } catch (error) { + if (!shouldSkipScriptPreflightPathError(error)) { + throw error; + } + }

Before: - return jsonify(True) After: + clear_all_user_sessions(user_login) return jsonify(True)

Before: - .ok_or_else(|| { - Error::RecordFile(format!( - "Could not find entry for {} ({})", - relative_to_site_packages.simplified_display(), - src.simplified_display() - )) + .ok_or_else(|| Error::RecordFile { + relative: relative_to_site_packages.to_path_buf(), + absolute: src.to_path_buf(), })?

Before: - const key = head.resolvedOptions.experimentalStreamKey || DEFAULT_STREAM_KEY; After: + const key = head.resolvedOptions.experimentalStreamKey || DEFAULT_STREAM_KEY; + assertValidStreamKey(key);

Added methods `_terminal_sanitize_policy`, `_has_foreign_nodes`, and `_stabilize_terminal_sanitize_once` to handle HTML sanitization. Before: ```python class JustHTML: tokenizer: Tokenizer tree_builder: TreeBuilder ``` After: ```python class JustHTML: tokenizer: Tokenizer tree_builder: TreeBuilder @staticmethod def _terminal_sanitize_policy(...): # ... (new method) @staticmethod def _has_foreign_nodes(...): # ... (new method) @staticmethod def _stabilize_terminal_sanitize_once(...): # ... (new method)

Before: - send: async ({ params, respond, context }) => { After: + send: async ({ params, respond, context, client }) => {

Before: - if (isReplayEvent(update, nowMs)) { After: + if (isReplayEvent(target, update, nowMs)) {