Skip to content

security: wire path + prompt validation into IPC commands#27

Merged
mohabbis merged 1 commit into
masterfrom
claude/init-2k21ns
Jun 8, 2026
Merged

security: wire path + prompt validation into IPC commands#27
mohabbis merged 1 commit into
masterfrom
claude/init-2k21ns

Conversation

@mohabbis

@mohabbis mohabbis commented Jun 8, 2026

Copy link
Copy Markdown
Owner

Summary

Wires the existing-but-uncalled validators from core::security into the IPC command layer (items 1 & 2 from the next-steps plan). These functions already had the logic written and tested; they were simply never invoked from commands.rs.

Changes

  • Path traversal guardsanitize_workflow_path now runs at the top of every command that turns a user-supplied name into an on-disk path: save_workflow, load_workflow, delete_workflow, save_workflow_with_metadata, load_workflow_with_metadata, and save_workflow_with_sidecar. It blocks .., /, \, and null bytes. save_workflow_with_sidecar was the most exposed, since it built format!("{}.meta.json", name) directly.
  • Prompt validationvalidate_prompt runs in generate_workflow_from_prompt before the prompt reaches the LLM provider (length cap + basic injection guards).

Deliberately not done

  • validate_coordinates was left unwired. Its hardcoded 0–10000 bound would reject legitimate coordinates on multi-monitor setups (three horizontal 4K displays span ~11520px), turning a "security win" into a false-positive regression in inspect_element.

Compatibility note

sanitize_workflow_path restricts names to [a-zA-Z0-9_\- ]. Any pre-existing workflow saved with a name containing punctuation (e.g. Report.v2, Backup (old)) would now fail to load or delete. This is the project's own designed validator, used as-is.

Test plan

  • CI (cargo check / clippy / test on macOS + Windows)
  • Manual: saving a workflow named ../evil returns a validation error instead of writing outside the data dir

https://claude.ai/code/session_01CQaxE4mHrAWqLcfHNFpdUR


Generated by Claude Code

Wire the existing (but previously uncalled) validators from
core::security into the command layer:

- sanitize_workflow_path on save/load/delete_workflow,
  save/load_workflow_with_metadata, and save_workflow_with_sidecar
  to block path traversal (.., /, \, null bytes) in names that are
  used to construct on-disk file paths.
- validate_prompt on generate_workflow_from_prompt to enforce the
  length cap and basic injection guards before the prompt reaches
  the LLM provider.

validate_coordinates is intentionally left unwired: its hardcoded
0-10000 bound would reject legitimate coordinates on multi-monitor
setups.

https://claude.ai/code/session_01CQaxE4mHrAWqLcfHNFpdUR
@vercel

vercel Bot commented Jun 8, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
ghost Ready Ready Preview, Comment Jun 8, 2026 10:37pm

@mohabbis mohabbis marked this pull request as ready for review June 8, 2026 22:43
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@mohabbis mohabbis merged commit 93b8faf into master Jun 8, 2026
12 checks passed
@mohabbis mohabbis deleted the claude/init-2k21ns branch June 8, 2026 22:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants