GPT-5 finding
Unauthenticated endpoints expose CI run metadata and raw logs
high / security / high
- dashboard/app/api/runs/[id]/logs/route.ts:24-35
- dashboard/app/api/runs/[id]/logs/route.ts:113-120
- dashboard/app/api/analytics/route.ts:52-60
- dashboard/app/api/analytics/route.ts:195-208
- dashboard/app/api/runs/route.ts:24-44
All three routes are public GET handlers with no authentication or authorization. The logs route returns large portions of GitHub Actions logs and metadata fetched using server-side credentials. If the dashboard is deployed publicly, any unauthenticated user can enumerate runs and fetch logs, which may include sensitive internal details, and can also trigger repeated gh CLI invocations on the server.
Recommendation
Require authentication and authorization on these endpoints (e.g., verify the session or token and check the caller's role before executing any gh command). Add rate limiting and caching so unauthenticated or repeated requests cannot drive gh CLI invocations on the server. Consider feature-gating or disabling the log and analytics endpoints in production unless explicitly enabled. Sanitize or redact sensitive lines from logs before returning them, and scope the GitHub token to read-only access with least privilege.
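As an added example (not the dashboard's own code), a framework-agnostic guard a Next.js route handler could call before spawning gh: it validates the run id, rejects missing sessions with 401, wrong roles with 403, and excess requests with 429, and redacts secret-bearing log lines. The session store, role name, limits and redaction pattern are assumptions.

```typescript
// Added example: request guard for the run-logs endpoint. Assumed names/values.
type Session = { user: string; roles: string[] };
type Verdict = { status: number; reason: string };

// Constructed stand-in for the real session lookup (token -> session).
const SESSIONS: Record<string, Session> = {
  "tok-viewer": { user: "alice", roles: ["viewer"] },
  "tok-ci": { user: "bob", roles: ["ci-admin"] },
};

// The [id] path parameter must be a plain numeric run id before it reaches gh.
function isValidRunId(id: string): boolean {
  return /^\d{1,20}$/.test(id);
}

// Fixed-window limiter keyed by user (assumed limits); use shared storage
// such as Redis when the dashboard runs on more than one instance.
const WINDOW_MS = 60_000;
const LIMIT = 30;
const hits = new Map<string, { count: number; start: number }>();
function rateLimited(user: string, now: number = Date.now()): boolean {
  const h = hits.get(user);
  if (!h || now - h.start >= WINDOW_MS) {
    hits.set(user, { count: 1, start: now });
    return false;
  }
  h.count += 1;
  return h.count > LIMIT;
}

// Session, role and rate checks, in that order, before any gh invocation.
function authorize(authHeader: string | null, now: number = Date.now()): Verdict {
  const token = authHeader && authHeader.startsWith("Bearer ") ? authHeader.slice(7) : null;
  const session = token ? SESSIONS[token] : undefined;
  if (!session) return { status: 401, reason: "no valid session" };
  if (!session.roles.includes("ci-admin")) return { status: 403, reason: "role lacks log access" };
  if (rateLimited(session.user, now)) return { status: 429, reason: "rate limit exceeded" };
  return { status: 200, reason: "ok" };
}

// Redact key=value / key: value pairs whose key looks secret-bearing
// before a log line leaves the server (assumed pattern, extend as needed).
const SECRET_RE = /([\w-]*(?:token|secret|password|authorization)[\w-]*)\s*[:=]\s*\S+/gi;
function redactLogLine(line: string): string {
  return line.replace(SECRET_RE, (_m: string, key: string) => `${key}=[REDACTED]`);
}
```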