fix(mcp): add RejectDenied env-var protection to run_command tool#328
Merged
Conversation
Add secrets.RejectDenied() check in tools_run.go before passing env to RunCommand, mirroring the existing check in execute_with_secret. Also deny-list PATH to prevent executable hijacking via PATH override. Closes #317
Replace string(passphrase) with unsafe.String(unsafe.SliceData(...), len(...)) in EncryptWithPassphraseArgon2id and DecryptWithPassphraseArgon2id, matching the pattern already used in the scrypt-based EncryptWithPassphrase/ DecryptWithPassphrase. This prevents an unwiped GC-heap copy of the passphrase. Closes #318
…Locked Add vaultcrypto.Wipe(plaintext) via defer after json.Marshal succeeds, ensuring the plaintext buffer is zeroed before going out of scope even if the subsequent file write fails. Closes #319
…hing new one Store a cancel channel on the Server struct. Close the previous channel before launching a new auto-clear goroutine, and also close it in Server.Close(). This prevents goroutine leaks on repeated clipboard copies and on server shutdown. Closes #327
Replace bare fmt.Errorf("X: %w", err) in cmd/crud RunE functions with
appropriate errorspkg constructors (NotFound, ReadFailed, WriteFailed, Wrap).
This preserves typed errors, correct exit codes, and actionable hints
through the error chain.
Affected commands: add, delete, edit, find, get, list, set.
Closes #320
# Conflicts: # internal/vault/search.go
Owner
Author
|
The merge is blocked because the repository's branch protection rules require status checks for Go 1.26.3 ('Test (ubuntu-latest, 1.26.3)', etc.). However, this PR bumps the Go version to 1.26.4 to address the security vulnerabilities GO-2026-5039 and GO-2026-5037, causing the CI to run with Go 1.26.4 instead. Reverting to Go 1.26.3 is not recommended as it would reintroduce the vulnerabilities. This PR must be merged via admin bypass (--force) or the branch protection settings must be updated. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bundles fixes for multiple open issues. The list below grows as commits land; every linked issue will close automatically on merge.