AntFleet

Disagreement · 3a9ae97b-anthropic-7

share_landing falls back to request.host_url which yields scheme spoofable by client

solo Opus
repo 193af03f·PR #1·reviewed 1 week ago

Opus finding

share_landing falls back to request.host_url which yields scheme spoofable by client

lowsecuritymedium
  • backend/app/api/share.py:268-278
  • backend/app/api/feed.py:55-66
If Config.PUBLIC_BASE_URL is unset, share.py and feed.py blindly trust X-Forwarded-Host / X-Forwarded-Proto from incoming requests. An attacker can send these headers (when Flask is exposed without a normalising reverse proxy) to make the rendered OG og:url and feed atom self-link point at attacker-controlled hosts, which is then served back to clients/scrapers. Pure header spoofing won't compromise the server, but it weaponises the share page into an open redirect / spoofed OG card. Feed.py has same issue.

Recommendation

Only honour X-Forwarded-* when behind a known proxy (Flask's ProxyFix configured via env var), or require Config.PUBLIC_BASE_URL to be set and refuse to fall back to header-derived host.

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

read the methodology →

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.

← back to all disagreementsview public receiptssee unanimous findings + anatomies →
Tweet ↗