fix(gateway/discord): require allowlist auth on slash commands [SECURITY]#19178
Merged
Conversation
Slash commands (_run_simple_slash, _handle_thread_create_slash) bypassed every DISCORD_ALLOWED_* gate enforced by on_message. Any guild member could invoke /background (RCE via terminal), /restart, /model, /skill, etc. CVSS 9.8 Critical. - _evaluate_slash_authorization mirrors on_message gates (user, role, channel, ignored channel) with fail-closed semantics - _check_slash_authorization sends ephemeral reject + logs + admin alert - Auth gate runs before defer() so rejections are ephemeral - /skill autocomplete returns [] for unauthorized users (no catalog leak) - Component views (ExecApproval, SlashConfirm, UpdatePrompt, ModelPicker) now honor role allowlists via shared _component_check_auth helper - Optional DISCORD_HIDE_SLASH_COMMANDS defense-in-depth - Cross-platform admin alert (Telegram/Slack fallback) on unauthorized attempts Based on PR #18125 by @0xyg3n.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
SECURITY — Salvage of PR #18125 by @0xyg3n. Fixes CVSS 9.8 Critical vulnerability: Discord slash commands bypass all
DISCORD_ALLOWED_*authorization gates.Vulnerability
_run_simple_slash(),_handle_thread_create_slash(), and the/skillhandler performed zero authorization checks. Every gate enforced byon_message—DISCORD_ALLOWED_USERS,DISCORD_ALLOWED_ROLES,DISCORD_ALLOWED_CHANNELS,DISCORD_IGNORED_CHANNELS— was completely bypassed for slash commands. Any guild member could execute/background(RCE via terminal tool),/restart,/model,/skill, etc.Verified end-to-end against a real third-party deployment by the reporter.
Fix
_evaluate_slash_authorization()— pure logic, mirrors all 4 on_message gates with fail-closed semantics_check_slash_authorization()— sends ephemeral rejection + warning log + cross-platform admin alertdefer()so rejections are ephemeral (not visible to channel)/skillautocomplete returns[]for unauthorized users (no catalog leak via keystroke probing)_component_check_auth()helper — previously role-only deployments had wide-open buttonsDISCORD_HIDE_SLASH_COMMANDSdefense-in-depth (hides from non-admin guild members)Changes
From contributor (applied as single commit preserving authorship):
gateway/platforms/discord.py— auth gate on all slash paths, component view role support, admin alertsgateway/run.py— setadapter.gateway_runnerfor cross-platform alert routing (3 lines)tests/gateway/test_discord_slash_auth.py— 737 lines of security regression teststests/gateway/test_discord_component_auth.py— 230 lines of component auth teststests/gateway/test_discord_slash_commands.py— updated for auth-before-defer orderingFollow-up:
scripts/release.py— add 0xyg3n noreply email to AUTHOR_MAPTest results