
fix: batch security review hardening #32

Merged
MerhiOPS merged 8 commits into main from fix/security-review-findings-severity-batches
Mar 16, 2026

Conversation

@MerhiOPS
Contributor

Summary

  • harden sandboxed filesystem operations against symlink-swap escapes by executing CRUD through capability-scoped directory handles
  • reserve internal IPC channels, tighten native fast-path rate limiting, and cap/lock down webview response delivery
  • harden plugin/runtime boundaries with panic-safe IPC worker cleanup, bounded stderr capture, storage quota/recovery, randomized grant ids, and dialog title sanitization

Commits

Validation

  • cargo fmt --all
  • cargo clippy --workspace --all-targets -- -D warnings
  • cargo test --workspace
  • pnpm --filter voltkit typecheck
  • pnpm --filter voltkit lint
  • pnpm --filter voltkit test

Notes

  • The reported remove_dir_all symlink-following claim did not reproduce as described; the destructive escape scenario was not implemented as part of this PR.
  • Touched files still above the 300-line soft cap: crates/volt-core/src/fs/mod.rs, crates/volt-core/src/security.rs, crates/volt-runner/src/plugin_manager/process/io.rs, crates/volt-runner/src/plugin_manager/host_api_storage.rs. No file exceeds the 500-line hard cap.
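An added example, not code from this PR or the voltkit project, showing the capability-scoped directory handle approach named in the first summary bullet, in Python on a POSIX system (the sandbox layout, file names and helper functions are constructed for the demo): the root is opened once, every create/read/update/delete resolves through that handle with O_NOFOLLOW, and a later swap of the sandbox path for a symlink redirects only the path-based write.

```python
import os
import shutil
import tempfile

def open_sandbox(root: str) -> int:
    """Open the root once; every later operation resolves against this handle."""
    return os.open(root, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)

def _check_name(name: str) -> None:
    if not name or "/" in name or "\0" in name or name in (".", ".."):
        raise ValueError(f"not a single path component: {name!r}")

def sandbox_write(dfd: int, name: str, data: bytes) -> None:
    _check_name(name)
    fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0o600, dir_fd=dfd)
    with os.fdopen(fd, "wb") as f:
        f.write(data)

def sandbox_read(dfd: int, name: str) -> bytes:
    _check_name(name)
    fd = os.open(name, os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dfd)
    with os.fdopen(fd, "rb") as f:
        return f.read()

def demo() -> dict:
    """Constructed swap: after the handle is open, the sandbox path becomes a symlink."""
    base = tempfile.mkdtemp()
    sandbox, outside = os.path.join(base, "sandbox"), os.path.join(base, "outside")
    os.mkdir(sandbox)
    os.mkdir(outside)
    dfd = open_sandbox(sandbox)
    try:
        sandbox_write(dfd, "note.txt", b"inside")
        os.rename(sandbox, sandbox + ".old")  # the swap: the sandbox path now
        os.symlink(outside, sandbox)           # resolves outside the sandbox
        with open(os.path.join(sandbox, "note.txt"), "wb") as f:  # path-based write
            f.write(b"escaped")                                    # follows the swap
        sandbox_write(dfd, "note.txt", b"still inside")           # handle-based does not
        os.symlink(os.path.join(outside, "note.txt"), "link", dir_fd=dfd)
        try:
            sandbox_read(dfd, "link")  # symlink entry inside the sandbox: ELOOP
            followed = True
        except OSError:
            followed = False
        os.unlink("link", dir_fd=dfd)  # delete resolves through the handle as well
        return {"path_write_escaped": os.path.exists(os.path.join(outside, "note.txt")),
                "handle_read": sandbox_read(dfd, "note.txt"), "symlink_followed": followed}
    finally:
        os.close(dfd)
        shutil.rmtree(base)
```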

@MerhiOPS MerhiOPS merged commit 86b94a4 into main Mar 16, 2026
16 checks passed
