Skip to content

v0.1.3

Choose a tag to compare

@github-actions github-actions released this 17 Jun 06:25
Restrict operation-as-path parsing to an allow-list of services

v0.1.2 recovered the operation name from a lone CamelCase request-path
segment for every service except an S3 deny-list. That is fail-open:
execute-api (path is the customer's API route) and mediastore (path is
an object key) are non-S3 services with agent-controlled paths, so a
request like `DELETE /GetThing` was parsed as action "GetThing", matched
the Get read prefix, and was auto-allowed — forging a read verdict on a
mutation and bypassing the approval gate.

Invert to a fail-closed allow-list (restJSONOperationServices, currently
just savingsplans): only services confirmed to put the operation name in
the path get path-operation recovery; every other service falls through
to "METHOD path" and is gated as a mutation. Add tests for the exploit
shapes (mutation method + read-prefix-named segment on execute-api /
mediastore / s3 / empty service) and for multi-segment/dot-segment
paths.