fix(security): block arbitrary file read and harden plugin hooks#903
Open
JinyuXiang-Mimo wants to merge 3 commits into
Open
fix(security): block arbitrary file read and harden plugin hooks#903JinyuXiang-Mimo wants to merge 3 commits into
JinyuXiang-Mimo wants to merge 3 commits into
Conversation
…ooks File hooks (user-written .mimocode/hooks/) now get three layers of protection: - structuredClone snapshot before execution, restored on error - 5s timeout via Promise.race to prevent infinite hangs - Circuit breaker that auto-skips hooks after 3 consecutive failures Internal plugin hooks remain unguarded for performance.
…ction The InstanceMiddleware accepts a `directory` query parameter that sets the project root for the request. Attackers can pass `directory=/etc` to read any system file (e.g. /etc/passwd, /etc/shadow) because containsPath validates against the attacker-controlled directory. Fix with 3 defense layers: - Layer 1: Refuse to start on non-loopback without MIMOCODE_SERVER_PASSWORD - Layer 2: Validate directory against system paths and require project markers - Layer 3: Unauthenticated servers restrict directory to cwd subtree
Filesystem.resolve() uses realpathSync to canonicalize the directory parameter, but the cwd comparison used raw process.cwd(). On macOS where /tmp → /private/tmp (or any symlink'd project dir), this mismatch causes false 403 rejections for legitimate requests.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
InstanceMiddleware中directory参数注入导致的任意文件读取漏洞攻击向量
GET /file/content?directory=/etc&path=passwd绕过路径检查读取系统任意文件。根因:middleware 盲目接受用户提供的
directory作为项目根目录。防御层
MIMOCODE_SERVER_PASSWORD(或--no-auth)isValidProjectDirectory()拒绝系统路径,要求项目标记文件