Security Vulnerability Fixes
Reported by: Lakshmikanthan K (@letchupkt)
Summary
Three security vulnerabilities have been identified and fixed:
PR fix(security): Fix race condition in file write operations (Symlink TOCTOU) #1146 - Symlink race condition in file write operations
PR fix(security): Fix path traversal via malicious .clasp.json srcDir #1145 - Path traversal via malicious .clasp.json configuration
PR fix(security): Restrict credential file path to home directory #1147 - Credential path injection allowing storage outside home directory
Impact
Arbitrary file writes outside project boundaries
Filesystem escape via crafted configuration files
Potential OAuth credential exfiltration
Fixes Applied
All PRs implement defense-in-depth security controls using O_NOFOLLOW, O_EXCL, path resolution validation, and permission hardening.
Testing
197 existing tests passing on all branches
No regressions introduced
Credit: Lakshmikanthan K (@l3tchupkt)