Skip to content

security(cli): guard --endpoint-url against bearer-token leak (SEC-08)#26

Merged
vks-team merged 1 commit into
mainfrom
security/sec-08-endpoint-guard
Jul 3, 2026
Merged

security(cli): guard --endpoint-url against bearer-token leak (SEC-08)#26
vks-team merged 1 commit into
mainfrom
security/sec-08-endpoint-guard

Conversation

@vks-team

@vks-team vks-team commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Finding (SEC-08)

grn authenticates against the real IAM (hardcoded) to mint a reusable bearer token, then sends it with every request to whatever --endpoint-url names. A mistyped or malicious host captures the token and can replay it against the real API until it expires (unlike AWS SigV4, which signs per host/time/payload). Worst with --no-verify-ssl (MITM).

Fix — hybrid guard

New cli.CheckEndpoint(endpointURL, noVerifySSL, allowUntrusted), wired into both the VKS and vServer client builders (runs before auth, so blocks happen offline):

Endpoint Result
within vngcloud.vn / greenode.ai (or no --endpoint-url) allowed silently
untrusted host over verified TLS (https) warn on stderr, proceed
untrusted host without TLS protection — plain http:// or --no-verify-ssl blocked with an error unless --allow-untrusted-endpoint

Rationale: fail-closed on the MITM-prone combo (no TLS), permissive for legitimate custom HTTPS endpoints (matches how aws allows --endpoint-url).

Adds a persistent --allow-untrusted-endpoint flag. Trusted domains: vngcloud.vn + greenode.ai (incl. subdomains, matched on a dot boundary).

Not fixed here (server-side)

The root cause — a replayable bearer — can only be fully solved server-side (SigV4-style signing, DPoP, or audience/host-scoped tokens). grn alone cannot; this PR reduces the accident/MITM surface.

Testing

  • TestIsTrustedEndpoint (vngcloud.vn/greenode.ai + subdomains trusted; look-alikes/localhost/malformed untrusted).
  • TestCheckEndpointPolicy (trusted / https-warn / http-block / no-verify-block / opt-in-warn).
  • Verified via binary: http & no-verify blocked offline; https warns; opt-in downgrades to warn.
  • go vet ./... clean; full go test ./... passes; build clean.

🤖 Generated with Claude Code

grn mints a reusable IAM bearer token and sends it to whatever --endpoint-url
names, so a mistyped/malicious host can capture and replay it. Add a hybrid
guard (cli.CheckEndpoint) wired into the VKS and vServer client builders:

- host within vngcloud.vn / greenode.ai (or no override): allowed silently
- untrusted host over verified TLS: warn on stderr, proceed
- untrusted host without TLS protection (plain http or --no-verify-ssl):
  blocked with an error unless the new --allow-untrusted-endpoint flag is set

Fail-closed on the MITM-prone combination; permissive for legitimate custom
HTTPS endpoints. Adds --allow-untrusted-endpoint (persistent) and tests.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@vks-team vks-team merged commit 4767938 into main Jul 3, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant