From 6265ce5ec11044296b6346dbe9064a89b526b68d Mon Sep 17 00:00:00 2001 From: Molecule AI Documentation Specialist Date: Wed, 13 May 2026 08:23:48 +0000 Subject: [PATCH 1/2] docs(security): add CWE-22 regression fix entry for 2026-05-13 Pairs molecule-core#810 (Critical CWE-22 path traversal regression in org_import.go). Also adds full 2026-05-13 changelog entry covering: - CWE-22 path traversal fix (security section) - stop_event graceful shutdown feature (SDK Python #8) - PLATFORM_URL default alignment (workspace-runtime #12) - Canvas CI hardening (core #773/776/777) - Go lint CI hardening (core #781) Co-Authored-By: Claude Opus 4.7 --- content/docs/changelog.mdx | 21 +++++++++++++++++++++ content/docs/security/changelog.md | 22 ++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx index 0717703..36a35d9 100644 --- a/content/docs/changelog.mdx +++ b/content/docs/changelog.mdx @@ -8,6 +8,27 @@ Entries are published daily at 23:50 UTC. --- +## 2026-05-13 + +### โœจ New features + +- **Graceful shutdown support for remote agents**: `run_heartbeat_loop()` and `run_agent_loop()` in `molecule-sdk-python` now accept a `stop_event: threading.Event` parameter. Set the event from a SIGTERM handler to exit the loop cleanly with return value `"stopped"` โ€” enabling proper graceful shutdown in Kubernetes, Docker, and other container-orchestrated environments. (`molecule-sdk-python` [#8](https://git.moleculesai.app/molecule-ai/molecule-sdk-python/pulls/8)) + +### ๐Ÿ”ง Fixes + +- **PLATFORM_URL defaults aligned across all runtime modules**: all workspace runtime modules (`a2a_cli.py`, `a2a_client.py`, `a2a_mcp_server.py`, and 10 others) now consistently default `PLATFORM_URL` to `http://host.docker.internal:8080`. Previously some modules defaulted to `http://platform:8080`, causing connection failures in containerized deployments where the Docker host is not named `platform`. (`molecule-ai-workspace-runtime` [#12](https://git.moleculesai.app/molecule-ai/molecule-ai-workspace-runtime/pulls/12)) + +### ๐Ÿ”’ Security + +- **CWE-22: Path traversal regression in org template import fixed**: a regression removed the path-traversal guard from `createWorkspaceTree` in `org_import.go`, which could allow a malicious org YAML with `filesDir: "../../../etc"` to read arbitrary server files. The fix replaces the unprotected `parseEnvFile` calls with `loadWorkspaceEnv` which applies `resolveInsideRoot` validation before accessing any path. (`molecule-core` [#810](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/810)) + +### ๐Ÿงน Internal + +- **Canvas CI hardening**: publish workflow updated to pipefail-safe shell probes; Gitea cache export no longer masks errors; canvas image published to ECR. (`molecule-core` [#773](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/773), [#776](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/776), [#777](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/777)) +- **Go lint CI hardening**: `golangci-lint run` no longer masked with `|| true`, so lint failures now fail the build loudly. (`molecule-core` [#781](https://git.moleculesai.app/molecule-ai/molecule-core/pulls/781)) + +--- + ## 2026-05-12 ### ๐Ÿ”’ Security diff --git a/content/docs/security/changelog.md b/content/docs/security/changelog.md index e3d6990..4b161a3 100644 --- a/content/docs/security/changelog.md +++ b/content/docs/security/changelog.md @@ -9,6 +9,28 @@ This page documents security fixes shipped in the Molecule AI platform. Each ent --- +## 2026-05-13 โ€” CWE-22: Path Traversal Regression in `org_import.go` (Resolved) + +**Severity:** Critical (CWE-22) +**PR:** [#810](https://git.moleculesai.app/molecule-ai/molecule-core/pull/810) +**Affected:** `workspace-server/internal/handlers/org_import.go` โ€” `createWorkspaceTree` + +### Vulnerability + +A regression removed the `resolveInsideRoot` path-traversal guard from `createWorkspaceTree` at `org_import.go:494`. The function called `parseEnvFile(filepath.Join(orgBaseDir, ws.FilesDir, ".env"))` without validating that `ws.FilesDir` resolved inside `orgBaseDir`. + +An attacker who could submit a malicious org YAML with `filesDir: "../../../etc"` could cause the platform to read arbitrary files accessible to the server process via the `.env` loading path. + +### Fix + +Replaced the two raw `parseEnvFile` calls with `loadWorkspaceEnv(orgBaseDir, ws.FilesDir)`, which applies `resolveInsideRoot` internally before joining paths. This restores the guard that was present before the regression was introduced. + +### User-facing summary + +The org template import endpoint now validates all workspace file paths before accessing them. Attempts to access files outside the designated org directory return an error and are never processed. + +--- + ## 2026-04-20 โ€” CWE-22: Path Traversal in `copyFilesToContainer` **Severity:** High (CWE-22) -- 2.52.0 From d0c5611e8bf87c6887cb01d3c027f5cb61870d1b Mon Sep 17 00:00:00 2001 From: Molecule AI Documentation Specialist Date: Wed, 13 May 2026 12:32:17 +0000 Subject: [PATCH 2/2] =?UTF-8?q?docs(mcp-server):=20rename=20MOLECULE=5FURL?= =?UTF-8?q?=20=E2=86=92=20MOLECULE=5FAPI=5FURL;=20add=20MOLECULE=5FAPI=5FK?= =?UTF-8?q?EY=20and=20MCP=5FSERVER=5FPORT?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pair PR: molecule-mcp-server#6 The MCP server README (PR #6) renamed MOLECULE_URL โ†’ MOLECULE_API_URL and added two new env vars (MOLECULE_API_KEY, MCP_SERVER_PORT). This commit syncs the docs site to match. Co-Authored-By: Molecule AI Documentation Specialist --- content/docs/mcp-server.mdx | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/content/docs/mcp-server.mdx b/content/docs/mcp-server.mdx index 208beca..78b7898 100644 --- a/content/docs/mcp-server.mdx +++ b/content/docs/mcp-server.mdx @@ -25,7 +25,7 @@ npx @molecule-ai/mcp-server@1.0.0 "command": "npx", "args": ["@molecule-ai/mcp-server@1.0.0"], "env": { - "MOLECULE_URL": "http://localhost:8080" + "MOLECULE_API_URL": "http://localhost:8080" } } } @@ -36,10 +36,10 @@ npx @molecule-ai/mcp-server@1.0.0 **Pin the package version.** The examples above use `@1.0.0` โ€” always specify an exact version and omit the `-y` flag. An unpinned `npx -y @molecule-ai/mcp-server` (no version) silently installs whatever npm serves on the next restart; if the package is ever compromised, it runs with your full MCP client permissions. Check [npm](https://www.npmjs.com/package/@molecule-ai/mcp-server) for the latest stable release before upgrading. -For SaaS deployments, set `MOLECULE_URL` to your tenant URL: +For SaaS deployments, set `MOLECULE_API_URL` to your tenant URL: ```json -"MOLECULE_URL": "https://your-org.moleculesai.app" +"MOLECULE_API_URL": "https://your-org.moleculesai.app" ``` ### Verify @@ -151,12 +151,14 @@ The MCP server exposes tools across these categories: | Variable | Default | Description | |---|---|---| -| `MOLECULE_URL` | `http://localhost:8080` | Platform API URL | +| `MOLECULE_API_URL` | `http://localhost:8080` | Platform API base URL | +| `MOLECULE_API_KEY` | โ€” | API key for platform authentication | +| `MCP_SERVER_PORT` | `3000` | Port (for HTTP/SSE transport) | ## Troubleshooting | Issue | Fix | |---|---| -| Connection refused | Check `MOLECULE_URL` points to running platform | +| Connection refused | Check `MOLECULE_API_URL` points to running platform | | 401 Unauthorized | Token expired or revoked โ€” create a new one | | Tools not showing | Run `npx @molecule-ai/mcp-server@1.0.0` standalone to check errors | -- 2.52.0