AntFleet

Disagreement · 44bd7a66-anthropic-5

Secret scanner reads files via raw path join — no symlink/traversal protection

solo Opus
repo 56f59a0d·PR #1·reviewed 4 days ago

Opus finding

Secret scanner reads files via raw path join — no symlink/traversal protection

low · security · medium
  • src/ci/secrets.ts:81-94
ChangedFile.path comes from git diff but is joined to cwd without normalization. A repository containing a symlink (committed) named e.g. `link -> /etc/passwd` would, if marked changed, cause statSync to follow the symlink and readFileSync to read host system files. The scan output is then included in CI findings with file content (redacted, but raw line context). Use of statSync (follows symlinks) rather than lstatSync compounds this. Severity is low because (a) the result is only used to emit findings, not exfiltrated, and (b) attacker needs commit access; but it still represents an unintended file read.

Recommendation

Use lstatSync and skip symlinks; or resolve the realpath and reject if it escapes cwd.
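
The recommendation above, worked through as an added example (not code from the reviewed repository or from AntFleet): `classifyRepoPath` applies both suggested checks, `lstatSync` so a committed symlink is skipped before it is followed, and `realpathSync` so a path that resolves outside the checkout (through `..` or a symlinked parent directory) is rejected. `ChangedFile.path` is the page's name for the diff-supplied path; the function and fixture names here are assumptions.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";
export type PathVerdict = "ok" | "symlink" | "traversal" | "not-a-file";

// Is `target` strictly below `root`? (Both must already be absolute paths.)
function isInside(root: string, target: string): boolean {
  const rel = path.relative(root, target);
  if (rel === "" || path.isAbsolute(rel)) return false;
  return rel !== ".." && !rel.startsWith(`..${path.sep}`);
}

// Decide whether a diff-supplied path (e.g. ChangedFile.path) may be read as
// a regular file that physically lives inside the repository checkout.
export function classifyRepoPath(repoRoot: string, relPath: string): PathVerdict {
  const root = fs.realpathSync(repoRoot);
  const candidate = path.resolve(root, relPath);
  // Lexical check: rejects "../../etc/passwd" and absolute paths outright.
  if (!isInside(root, candidate)) return "traversal";
  let st: fs.Stats;
  try {
    st = fs.lstatSync(candidate); // lstat reports the link itself, not its target
  } catch {
    return "not-a-file"; // e.g. a file the diff deleted
  }
  if (st.isSymbolicLink()) return "symlink";
  if (!st.isFile()) return "not-a-file";
  // Physical check: a symlinked parent dir passes lstat on the leaf, so confirm the real location.
  return isInside(root, fs.realpathSync(candidate)) ? "ok" : "traversal";
}

// Read a changed file only when it passes both checks; otherwise skip it.
export function readChangedFileSafely(repoRoot: string, relPath: string): string | null {
  if (classifyRepoPath(repoRoot, relPath) !== "ok") return null;
  return fs.readFileSync(path.resolve(repoRoot, relPath), "utf8");
}

// Constructed fixture (not a real repository): a checkout with a normal source file,
// a committed symlink to a file outside it, and a symlinked directory pointing outside.
export function buildFixture(): string {
  const outside = fs.mkdtempSync(path.join(os.tmpdir(), "outside-"));
  fs.writeFileSync(path.join(outside, "secret.txt"), "hostfile contents\n");
  const repo = fs.mkdtempSync(path.join(os.tmpdir(), "repo-"));
  fs.mkdirSync(path.join(repo, "src"));
  fs.writeFileSync(path.join(repo, "src", "app.ts"), "export const ok = 1;\n");
  fs.symlinkSync(path.join(outside, "secret.txt"), path.join(repo, "link"));
  fs.symlinkSync(outside, path.join(repo, "vendor"));
  return repo;
}
```

A scanner that only swaps `statSync` for `lstatSync` still reads through a symlinked directory in the middle of the path, which is why the physical `realpathSync` containment check is kept as well.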

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.


From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.