fix: bind gRPC trace listener to 127.0.0.1 instead of 0.0.0.0

The OTLP/gRPC trace listener was binding to 0.0.0.0 by default, exposing the unauthenticated trace service to the network. This allows any host on the same network to inject fake spans or exfiltrate collected trace data (which may contain sensitive attributes like API keys and HTTP headers). Bind to 127.0.0.1 (localhost) by default so the trace listener is only accessible from the local machine. CWE-287
2026-06-08 14:55:14 +02:00 · 2026-04-25 09:57:55 +01:00 · 2026-04-25 09:57:55 +01:00 · 7ea3054fd8
commit 7ea3054fd8
parent 5a4487fc6e
2 changed files with 3 additions and 3 deletions
--- a/cli/planoai/main.py
+++ b/cli/planoai/main.py
@ -499,7 +499,7 @@ def up(
                        grpc_port=tracing_port
                    )
                    console.print(
-                        f"[green]✓[/green] Trace collector listening on [cyan]0.0.0.0:{tracing_port}[/cyan]"
+                        f"[green]✓[/green] Trace collector listening on [cyan]127.0.0.1:{tracing_port}[/cyan]"
                    )
                except Exception as e:
                    console.print(
--- a/cli/planoai/trace_cmd.py
+++ b/cli/planoai/trace_cmd.py
@ -599,7 +599,7 @@ def _start_trace_listener(host: str, grpc_port: int) -> None:


 def start_trace_listener_background(
-    host: str = "0.0.0.0", grpc_port: int = DEFAULT_GRPC_PORT
+    host: str = "127.0.0.1", grpc_port: int = DEFAULT_GRPC_PORT
 ) -> grpc.Server:
    """Start the trace server in-process and return ``grpc.Server`` handle."""
    return _start_trace_server(host, grpc_port)
@ -1117,7 +1117,7 @@ def trace(
    )

    if target == "listen" and not has_show_options:
-        _start_trace_listener("0.0.0.0", DEFAULT_GRPC_PORT)
+        _start_trace_listener("127.0.0.1", DEFAULT_GRPC_PORT)
        return

    if target in ("stop", "down") and not has_show_options: