[SECURITY] Git tools: whitelist allowed repo paths #135

Closed
opened 2026-03-31 01:40:15 +00:00 by Timmy · 1 comment
Owner

From Audit #131 — Severity: HIGH

uni-wizard/tools/git_tools.py passes user-controlled repo_path directly to subprocess.run(cwd=repo_path). No path validation.

Fix

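```python
import os

# Resolve the roots once so every comparison is made on canonical paths.
ALLOWED_REPO_ROOTS = [
    os.path.realpath(os.path.expanduser("~/timmy")),
    os.path.realpath(os.path.expanduser("~/shared")),
    os.path.realpath("/tmp"),
]

def _validate_repo_path(path: str) -> bool:
    # realpath() resolves symlinks and ".." before the comparison.
    real_path = os.path.realpath(os.path.expanduser(path))
    # commonpath() compares whole path components, so "~/timmy-other"
    # does not pass as being under "~/timmy".
    return any(
        os.path.commonpath([real_path, root]) == root
        for root in ALLOWED_REPO_ROOTS
    )
```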

Add validation at the top of every git function. Also validate remote URLs in git_push() — only push to known Gitea remotes.

Acceptance Criteria

  • Repo paths validated against whitelist
  • Absolute path resolution (no symlink tricks)
  • git_push validates remote URL contains 143.198.27.163:3000
  • Clear error on rejected paths
allegro was assigned by Timmy 2026-03-31 01:40:16 +00:00
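Added example, not part of the issue or of the project's code: one way to meet the path and remote acceptance criteria, comparing resolved path components instead of string prefixes and comparing the parsed host and port of the remote instead of testing whether the URL contains the string. `validate_repo_path`, `validate_remote_url`, `ALLOWED_REMOTE`, `demo` and the directory names are hypothetical; restricting remotes to http(s) is an assumption, and the host and port are the ones named in the acceptance criteria.

```python
import os
import tempfile
from urllib.parse import urlsplit

# Host and port from the issue's acceptance criteria.
ALLOWED_REMOTE = ("143.198.27.163", 3000)


def validate_repo_path(path, allowed_roots):
    """Return the canonical path if it lies under an allowed root, else raise."""
    real = os.path.realpath(os.path.expanduser(path))  # resolves symlinks and ".."
    for root in allowed_roots:
        real_root = os.path.realpath(os.path.expanduser(root))
        # commonpath compares whole components, unlike str.startswith
        if os.path.commonpath([real, real_root]) == real_root:
            return real
    raise ValueError(f"repo path not allowed: {path!r} (resolves to {real!r})")


def validate_remote_url(url):
    """Accept only http(s) URLs whose parsed host and port equal ALLOWED_REMOTE."""
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if parts.scheme not in ("http", "https") or (parts.hostname, port) != ALLOWED_REMOTE:
        raise ValueError(f"remote not allowed: {url!r}")
    return url


def demo():
    """Constructed tree: a repo under the root, a sibling sharing its prefix, a symlink out."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        base = os.path.realpath(base)
        root = os.path.join(base, "timmy")
        os.makedirs(os.path.join(root, "repo"))
        os.makedirs(os.path.join(base, "timmy-other"))  # same string prefix as root
        os.makedirs(os.path.join(base, "outside"))
        os.symlink(os.path.join(base, "outside"), os.path.join(root, "link"))
        for name in ("timmy/repo", "timmy-other", "timmy/link"):
            try:
                validate_repo_path(os.path.join(base, name), [root])
                results[name] = "allowed"
            except ValueError:
                results[name] = "rejected"
    return results
```

Each git function would call `validate_repo_path` first and pass the returned canonical path as `cwd`, so the path that was checked is the path that is used.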
Member

🏷️ Automated Triage Check

Timestamp: 2026-03-31T02:30:03.933725
Agent: Allegro Heartbeat

This issue has been identified as needing triage:

Checklist

  • Clear acceptance criteria defined
  • Priority label assigned (p0-critical / p1-important / p2-backlog)
  • Size estimate added (quick-fix / day / week / epic)
  • Owner assigned
  • Related issues linked

Context

  • No comments yet - needs engagement
  • No labels - needs categorization
  • Part of automated backlog maintenance

Automated triage from Allegro 15-minute heartbeat

Reference: Timmy_Foundation/timmy-home#135