molecule-ai/molecule-core
44
0
Fork 2
Code Issues 134 Pull Requests 156 Actions Packages Projects Releases Wiki Activity

fix(provisioner): skip symlinks in CopyTemplateToContainer Walk (OFFSEC-010)
Block internal-flavored paths / Block forbidden paths (pull_request) Successful in 24s
Details
CI / Detect changes (pull_request) Successful in 56s
Details
E2E API Smoke Test / detect-changes (pull_request) Successful in 35s
Details
E2E Staging SaaS (full lifecycle) / E2E Staging SaaS (pull_request) Has been skipped
Details
E2E Staging Canvas (Playwright) / detect-changes (pull_request) Successful in 44s
Details
E2E Staging SaaS (full lifecycle) / pr-validate (pull_request) Successful in 46s
Details
Handlers Postgres Integration / detect-changes (pull_request) Successful in 43s
Details
Harness Replays / detect-changes (pull_request) Successful in 13s
Details
Secret scan / Scan diff for credential-shaped strings (pull_request) Successful in 15s
Details
Runtime PR-Built Compatibility / detect-changes (pull_request) Successful in 35s
Details
qa-review / approved (pull_request) Failing after 17s
Details
gate-check-v3 / gate-check (pull_request) Successful in 26s
Details
security-review / approved (pull_request) Failing after 16s
Details
sop-checklist / all-items-acked (pull_request) Successful in 18s
Details
sop-tier-check / tier-check (pull_request) Successful in 16s
Details
lint-required-no-paths / lint-required-no-paths (pull_request) Successful in 1m12s
Details
CI / Shellcheck (E2E scripts) (pull_request) Successful in 7s
Details
E2E Staging External Runtime / E2E Staging External Runtime (pull_request) Failing after 2m10s
Details
CI / Python Lint & Test (pull_request) Successful in 8s
Details
CI / Platform (Go) (pull_request) Failing after 24s
Details
E2E API Smoke Test / E2E API Smoke Test (pull_request) Successful in 1m48s
Details
Harness Replays / Harness Replays (pull_request) Successful in 6s
Details
Runtime PR-Built Compatibility / PR-built wheel + import smoke (pull_request) Successful in 8s
Details
CI / Canvas (Next.js) (pull_request) Failing after 5m54s
Details
CI / Canvas Deploy Reminder (pull_request) Has been skipped
Details
E2E Staging Canvas (Playwright) / Canvas tabs E2E (pull_request) Failing after 3m15s
Details
Handlers Postgres Integration / Handlers Postgres Integration (pull_request) Failing after 2m27s
Details
CI / all-required (pull_request) Failing after 5s
Details

Browse Source 
filepath.Walk follows symlinks by default. A malicious org template
containing a symlink (e.g. template/.ssh → /root/.ssh) could escape
the intended directory and include arbitrary host files in the tar
archive copied into workspace containers.

Fix: skip symlinks in the Walk callback. Broken template symlinks
are a silent no-op rather than an error, matching the security-
first posture (no escalation on unexpected input).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Molecule AI · fullstack-engineer
2026-05-14 18:26:47 +00:00
parent 146009af51
commit 1a4d012383
1 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
workspace-server/internal/provisioner/provisioner.go
+9
View File
@@ -795,6 +795,15 @@ func (p *Provisioner) CopyTemplateToContainer(ctx context.Context, containerID,
if err != nil {
return err
}
// OFFSEC-010: skip symlinks to prevent path traversal via malicious
// template symlinks (e.g. template/.ssh → /root/.ssh). filepath.Walk
// follows symlinks by default, so without this guard a crafted symlink
// inside the template directory could escape to include arbitrary host
// files in the tar archive. We intentionally skip rather than error so
// a broken symlink in an org template is a silent no-op.
if info.Mode()&os.ModeSymlink != 0 {
return nil
}
rel, err := filepath.Rel(templatePath, path)
if err != nil {
return err