Enforce path validation and restrict default allowed origins#14
Merged
Merged
Conversation
Address two partially-remediated findings from the 2026-03-17 security audit (SECURITY-004 and SECURITY-006) by making their protections mandatory rather than opt-in. SECURITY-004 — ImageUtil path traversal (CWE-22): Previously, validate_path_safety! only ran when a base_directory was explicitly passed to file_to_mcp_image_content. Callers who forgot to supply it got no protection at all. Now the validation always runs: - With base_directory: unchanged behavior (path must resolve within it). - Without base_directory: paths containing ".." are canonicalized and rejected if they escape the current working directory. This catches the common "../../etc/passwd" pattern even when callers omit the base_directory parameter. The method now returns the canonicalized path, which is used for all subsequent File.exist? / File.readable? / File.binread calls. SECURITY-006 — Origin validation (CWE-352): The default allowed_origins was ["*"], which silently permitted cross-origin requests from any website. The new default restricts to localhost/127.0.0.1/[::1] over both http and https. Additionally: - valid_origin? now does prefix matching so "http://localhost" in the allow list correctly matches "http://localhost:3000". - Configuring ["*"] explicitly still works but now logs a [SECURITY] warning at startup. Test changes: - ImageUtil: added specs for traversal rejection without base_directory. - HttpStream: updated origin validation suite to cover the new default (localhost-only), port-aware matching, and opt-in wildcard behavior. All 1421 examples pass, 0 failures. RuboCop clean.
Owner
Author
|
/gemini-review |
3 similar comments
Owner
Author
|
/gemini-review |
Owner
Author
|
/gemini-review |
Owner
Author
|
/gemini-review |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Address two partially-remediated findings from the 2026-03-17 security audit (SECURITY-004 and SECURITY-006) by making their protections mandatory rather than opt-in.
SECURITY-004 — ImageUtil path traversal (CWE-22):
Previously, validate_path_safety! only ran when a base_directory was explicitly passed to file_to_mcp_image_content. Callers who forgot to supply it got no protection at all. Now the validation always runs:
SECURITY-006 — Origin validation (CWE-352):
The default allowed_origins was ["*"], which silently permitted cross-origin requests from any website. The new default restricts to localhost/127.0.0.1/[::1] over both http and https. Additionally:
Test changes:
All 1421 examples pass, 0 failures. RuboCop clean.