security(cli): guard --endpoint-url against bearer-token leak (SEC-08)#26
Merged
Conversation
grn mints a reusable IAM bearer token and sends it to whatever --endpoint-url names, so a mistyped/malicious host can capture and replay it. Add a hybrid guard (cli.CheckEndpoint) wired into the VKS and vServer client builders: - host within vngcloud.vn / greenode.ai (or no override): allowed silently - untrusted host over verified TLS: warn on stderr, proceed - untrusted host without TLS protection (plain http or --no-verify-ssl): blocked with an error unless the new --allow-untrusted-endpoint flag is set Fail-closed on the MITM-prone combination; permissive for legitimate custom HTTPS endpoints. Adds --allow-untrusted-endpoint (persistent) and tests. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Finding (SEC-08)
grnauthenticates against the real IAM (hardcoded) to mint a reusable bearer token, then sends it with every request to whatever--endpoint-urlnames. A mistyped or malicious host captures the token and can replay it against the real API until it expires (unlike AWS SigV4, which signs per host/time/payload). Worst with--no-verify-ssl(MITM).Fix — hybrid guard
New
cli.CheckEndpoint(endpointURL, noVerifySSL, allowUntrusted), wired into both the VKS and vServer client builders (runs before auth, so blocks happen offline):vngcloud.vn/greenode.ai(or no--endpoint-url)https)http://or--no-verify-ssl--allow-untrusted-endpointRationale: fail-closed on the MITM-prone combo (no TLS), permissive for legitimate custom HTTPS endpoints (matches how
awsallows--endpoint-url).Adds a persistent
--allow-untrusted-endpointflag. Trusted domains:vngcloud.vn+greenode.ai(incl. subdomains, matched on a dot boundary).Not fixed here (server-side)
The root cause — a replayable bearer — can only be fully solved server-side (SigV4-style signing, DPoP, or audience/host-scoped tokens).
grnalone cannot; this PR reduces the accident/MITM surface.Testing
TestIsTrustedEndpoint(vngcloud.vn/greenode.ai + subdomains trusted; look-alikes/localhost/malformed untrusted).TestCheckEndpointPolicy(trusted / https-warn / http-block / no-verify-block / opt-in-warn).go vet ./...clean; fullgo test ./...passes; build clean.🤖 Generated with Claude Code