test(security): GHSA-g6ww-w5j2-r7x3 Python regression + advisory note#539
Merged
Conversation
Add sdks/python/tests/test_readonly_volume_remount.py: replays the published PoC's remount,rw attack against a read_only volume via the Python SDK and asserts the host file is never modified. Python-SDK counterpart of src/boxlite/tests/security_enforcement.rs. Verified PASSED against current main (v0.9.5) under pytest -m integration. Update SECURITY.md: correct Supported Versions to 0.9.x (0.8.x is vulnerable to this advisory) and add a Published Advisories section pointing <0.9.0 users to 0.9.0+ - the only disclosure path that reaches C-SDK / build-from-source users with no Dependabot alert.
Co-authored-by: Copilot Autofix powered by AI <223894421+github-code-quality[bot]@users.noreply.github.com>
DorianZheng
added a commit
that referenced
this pull request
May 20, 2026
…#558) Brings SDK regression coverage in line with the existing Python tests (#539 / #540) and the Rust core test (src/boxlite/src/images/archive/extractor.rs::test_cve_symlink_escape_blocked). Node (vitest, *.integration.test.ts): - security-readonly-volume-remount: mounts a read-only host volume, runs `mount -o remount,rw` from inside the box, asserts the host file is unchanged. Counterpart of the Python remount test. - security-symlink-escape: builds a minimal malicious OCI layout inline (hand-rolled USTAR + sha256 + manifest/config/index, no new devDeps) and loads it via SimpleBox({ rootfsPath }), asserts no host file is written outside the extraction root. Go (//go:build boxlite_dev, *_integration_test.go): - security_readonly_volume_remount: same shape as the Node test, using WithVolumeReadOnly + box.Exec. - security_symlink_escape: uses stdlib archive/tar to build the malicious layer + json for the OCI layout, then rt.Create(..., WithRootfsPath(layoutDir)). C SDK regression coverage is intentionally skipped per sdks/c/tests/CMakeLists.txt: "lifecycle/execute/streaming/etc. tests were removed when the C SDK moved to the post-and-drain callback API; coverage of those code paths now lives in the Go SDK + runner integration suite." The new Go tests above cover the same C-FFI machinery from one layer up.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
sdks/python/tests/test_readonly_volume_remount.py— replays the published PoC'smount -o remount,rwattack against aread_only=Truevolume through the Python SDK and asserts the host file is never modified. Python-SDK counterpart ofsrc/boxlite/tests/security_enforcement.rs.SECURITY.md: corrects the Supported Versions table to0.9.x(0.8.x is vulnerable to this advisory) and adds a Published Advisories section pointing< 0.9.0users to 0.9.0+ — the only disclosure path reaching C-SDK / build-from-source users with no Dependabot alert.Relates to GHSA-g6ww-w5j2-r7x3 (Critical, fixed in v0.9.0 by #454). This PR adds no product code — regression coverage + disclosure docs only.
Test plan
pytest -m integration sdks/python/tests/test_readonly_volume_remount.py→ 1 passed (verified on main @ v0.9.5)cargo nextest run -p boxlite --features krun,gvproxy --test security_enforcement→ 2 passed