Security: Fix path traversal in evaluator and restrict Docker fallback#1
Open
Nafjan wants to merge 1 commit into
Open
Security: Fix path traversal in evaluator and restrict Docker fallback#1Nafjan wants to merge 1 commit into
Nafjan wants to merge 1 commit into
Conversation
|
@Nafjan is attempting to deploy a commit to the swaroopmalina-1877's projects Team on Vercel. A member of the Team first needs to authorize it. |
This patches two security flaws in the execution pipeline: 1. Docker Sandbox Fallback: Previously, if Docker was unavailable, the sandbox would quietly fall back to running commands on the host OS. Downstream tools couldn't tell the difference. This strips out that host-fallback logic entirely. Now, if we can't find Docker, it blocks execution and returns a predictable error pattern instead of compromising the host. 2. Path Traversal: The DualToolEvaluator allowed basic path traversal strings. We moved from naive substring matching to using `os.path.abspath(os.path.expanduser(token))` across all platforms. This actively breaks `../` attempts before they reach the execution layer. Also included the markdown security audit report detailing these findings and confirming false positives in the package-lock.json scanner hits.
Nafjan
force-pushed
the
fix-security-sandbox-traversal
branch
from
727c0c2 to
3d567e2
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Security: Fix path traversal in evaluator and restrict Docker fallback
This patches two security flaws in the execution pipeline:
Docker Sandbox Fallback: Previously, if Docker was unavailable, the sandbox would quietly fall back to running commands on the host OS. Downstream tools couldn't tell the difference. This strips out that host-fallback logic entirely. Now, if we can't find Docker, it blocks execution and returns a predictable error pattern instead of compromising the host.
Path Traversal: The DualToolEvaluator allowed basic path traversal strings. We moved from naive substring matching to using
os.path.abspath(os.path.expanduser(token))across all platforms. This actively breaks../attempts before they reach the execution layer.Also included the markdown security audit report detailing these findings and confirming false positives in the package-lock.json scanner hits.