Conversation
sudhirverma
force-pushed
the
AAP-82833
branch
2 times, most recently
from
July 17, 2026 18:12
2775751 to
249ed89
Compare
Add Zod schemas for every mutating web route and allowlist workspace locations so POST /api/config cannot traverse or write outside known paths.
Move virtual-name validation into config-schema and use importOriginal in config.js mocks so server import chains no longer break CI.
tsc failed in CI because the barrel re-exported isValidVirtualName from both config and config-schema after the schema move.
Keep DR-032 passthrough settings persistable via POST /api/config after Zod .strict() validation (H4/H5).
Avoid .strict() on /v1/chat/completions so DR-020 clients with stream_options/user/stop keep working. Reject NUL in locations, compare realpath when present, and validate empty bodies on MCP DELETE routes.
Collaborator
|
Maintainer review fixes in
Waiting on CI, then approve if green. |
cidrblock
approved these changes
Jul 17, 2026
cidrblock
left a comment
Collaborator
There was a problem hiding this comment.
Verdict: merge-ready
H4/H5 Zod validation + workspace allowlist is solid. Maintainer follow-up fe156a2 fixes the OpenAI .strict() DR-020 regression (now .strip()), hardens path checks (NUL + realpath), and aligns MCP DELETE body validation.
CI green on fe156a2. Approving.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes security findings H4/H5: mutating HTTP API routes previously accepted unvalidated
req.body, allowing arbitrary config writes, workspace path traversal, field injection, and type confusion.api-schemas.ts+parseRequestBody), returning 400 on invalid bodies before business logic runs.location/workspacePathfor config writes; reject..traversal (400) and non-allowlisted paths (403) with no file write.ConfigFile/PolicyConfigschemas in@abbenay/core(config-schema.ts); reuse from the web layer..strict()schemas to reject unexpected fields (field-injection defense)./v1tools passthrough (DR-032): optionaltoolson chat completions;ConfigFileSchema/ModelConfigSchemaacceptopenai_compatandopenai_compat_toolsso dashboard/POST /api/configcan persist passthrough settings.Problem
POST /api/configtooklocation/configwith no validation; other routes destructuredreq.bodywithout schemas. Risk: arbitrary config writes, path traversal, field injection, type confusion.Changes
api-schemas.ts/v1, login)validate-body.tsparseRequestBody, path-traversal check, workspace allowlist helpersconfig-schema.tsConfigFile/PolicyConfig(+ DR-032openai_compatfields)server.tsopenai-compat.tsTest plan
config-schema.test.ts— valid/invalid config,openai_compataccept/rejectvalidate-body.test.ts— parse failures, allowlist / traversalweb-sse.test.ts):POST /api/configwith allowlisted location + valid config → savedlocation: ../../etc/passwdor outside allowlist → 400/403, no writePOST /api/chatwith malformed body → 400npm run lintnpm testnpm run ci:build/v1passthrough still works when enabledAcceptance criteria
POST /api/configsavesEnd-to-end
POST /api/configwith valid allowlistedlocation+ config → saved.location: ../../etc/passwd(or outside allowlist) → 400/403, no write.POST /api/chatwith malformed body → 400.issue: https://redhat.atlassian.net/browse/AAP-82833