vestige/crates/vestige-core
Sam Valladares 5c9e66108d fix(security): close SSRF/token-exfil + credential leaks (swarm audit)
Multi-model audit (deepseek-v4/minimax/kimi/qwen) surfaced these; verified
against the real code and fixed the confirmed ones:

- github connector: host-pin failed OPEN when api_root was unparseable/hostless
  — the bearer token would ride a Link `next` url to an attacker host. Now
  fail-closed: no pinned host => drop the url. (CRITICAL: SSRF / token exfil)
- GithubConfig/RedmineConfig derived Debug leaked the token/api_key into any
  {:?} log line or panic message. Replaced with manual redacting Debug impls.
- cross_project priority calc used `as u32 - i` which underflows/panics (debug)
  or wraps + corrupts the sort (release). Use saturating_sub.

Verified false-positive (no change): path-traversal in get_file_context — it
only inspects the path string, never reads the file.

core: 535 passed / 0 failed, clippy clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 13:47:10 -05:00
benches feat(v2.0.5): Intentional Amnesia — active forgetting via top-down inhibitory control 2026-04-14 17:30:30 -05:00
src fix(security): close SSRF/token-exfil + credential leaks (swarm audit) 2026-06-28 13:47:10 -05:00
Cargo.toml feat(cloud-sync): zero-knowledge client-side encryption (XChaCha20-Poly1305) 2026-06-19 21:19:16 -05:00