AntFleet

Disagreement · 748568f3-anthropic-5

Opt-in route never re-validates `payload.owner`/`payload.repo` shape before passing to DB

solo Opus
repo e24ef98c · PR #9 · reviewed 1 week ago

Opus finding

low · security · medium
  • apps/web/lib/optin-token.ts:83-99
  • apps/web/app/api/opt-in/route.ts:60-67
Verification only checks types (string), not GitHub's owner/repo grammar (no slashes, length limits, allowed chars). A token signed with `owner: ''` or `owner: '../../etc'` is accepted and passed to the DB query and into HTML (escaped). DB queries are presumably parameterized so SQL injection is not a concern, but a malformed token that someone with the secret could craft would still result in spurious audit rows with bogus identifiers. Severity is low because crafting requires the HMAC secret; this is purely defense-in-depth.

Recommendation

Validate owner/repo against `^[A-Za-z0-9._-]{1,100}$` in verifyTokenDetailed before returning 'ok'.
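The recommended check, sketched as an added example (not the reviewed repository's code and not part of the finding): the owner/repo grammar is enforced after the HMAC check and before `'ok'` is returned. The token layout, the `signToken` helper, the `isValidName` helper and every status string other than `'ok'` are assumptions made for illustration. The example also rejects `.` and `..`, which the recommended pattern would otherwise accept.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Grammar from the recommendation above.
const NAME_RE = /^[A-Za-z0-9._-]{1,100}$/;

type VerifyResult =
  | { status: "ok"; owner: string; repo: string }
  | { status: "bad_format" | "bad_signature" | "bad_payload" | "bad_shape" };

// Assumed token layout: base64url(JSON payload) + "." + base64url(HMAC-SHA256).
function signToken(payload: unknown, secret: string): string {
  const body = Buffer.from(JSON.stringify(payload)).toString("base64url");
  const mac = createHmac("sha256", secret).update(body).digest("base64url");
  return `${body}.${mac}`;
}

// Hypothetical helper: type check plus grammar check.
function isValidName(v: unknown): v is string {
  // "." and ".." match NAME_RE, so they are excluded explicitly
  // (an extra check beyond the recommendation).
  return typeof v === "string" && NAME_RE.test(v) && v !== "." && v !== "..";
}

function verifyTokenDetailed(token: string, secret: string): VerifyResult {
  const parts = token.split(".");
  if (parts.length !== 2) return { status: "bad_format" };
  const [body, mac] = parts;

  // Constant-time comparison of the supplied MAC against the expected one.
  const expected = createHmac("sha256", secret).update(body).digest();
  const given = Buffer.from(mac, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { status: "bad_signature" };
  }

  let payload: any;
  try {
    payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return { status: "bad_payload" };
  }
  if (typeof payload !== "object" || payload === null) return { status: "bad_payload" };

  // A typeof-only check would pass '' and '../../etc' at this point.
  if (!isValidName(payload.owner) || !isValidName(payload.repo)) {
    return { status: "bad_shape" };
  }
  return { status: "ok", owner: payload.owner, repo: payload.repo };
}
```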

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.

From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.