vestige/crates
Sam Valladares 5c9e66108d fix(security): close SSRF/token-exfil + credential leaks (swarm audit)
Multi-model audit (deepseek-v4/minimax/kimi/qwen) surfaced these; verified
against the real code and fixed the confirmed ones:

- github connector: host-pin failed OPEN when api_root was unparseable/hostless
  — the bearer token would ride a Link `next` url to an attacker host. Now
  fail-closed: no pinned host => drop the url. (CRITICAL: SSRF / token exfil)
- GithubConfig/RedmineConfig derived Debug leaked the token/api_key into any
  {:?} log line or panic message. Replaced with manual redacting Debug impls.
- cross_project priority calc used `as u32 - i` which underflows/panics (debug)
  or wraps + corrupts the sort (release). Use saturating_sub.

Verified false-positive (no change): path-traversal in get_file_context — it
only inspects the path string, never reads the file.

core: 535 passed / 0 failed, clippy clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 13:47:10 -05:00
..
vestige-core fix(security): close SSRF/token-exfil + credential leaks (swarm audit) 2026-06-28 13:47:10 -05:00
vestige-mcp docs(demo): full run-it-yourself README + unify failure detection 2026-06-27 18:12:09 -05:00