
fix: security hardening (path traversal, file permissions, shell quoting)#97

Merged
pasrom merged 3 commits into main from fix/security-hardening
Apr 9, 2026

Conversation


@pasrom pasrom commented Apr 9, 2026

Summary

Applies 3 security fixes originally identified by @danowallegro in their fork's security audit, adapted to the current codebase:

  • Path traversal prevention: Replace basic character filter in ProtocolGenerator.filename() with a proper sanitizeSlug() allowlist (alphanumeric, hyphens, underscores only). Titles like ../../etc/passwd are now safely sanitized. Includes 4 new tests.
  • Restrictive file permissions: Audio files (WAV recordings, temp files) are now created with 0600 (owner-only) permissions, since they may contain sensitive meeting content. Applied to AudioMixer.saveWAV(), AudioCaptureSession, and MicCaptureHandler.
  • Shell injection prevention: Removed unquoted $AUTH variable expansion in notarize_status.sh — credentials are now properly double-quoted inline to prevent word splitting.

Test plan

  • All 77 ProtocolGenerator tests pass (including 4 new sanitization tests)
  • Verify audio files are created with 0600 permissions during a recording
  • Verify notarize_status.sh works with credentials containing spaces

@github-actions github-actions bot added the bug Something isn't working label Apr 9, 2026
pasrom added 3 commits April 9, 2026 21:02
Replace basic character denylist in filename() with allowlist-based
sanitizeSlug(). Only alphanumeric characters, hyphens, and underscores
are kept. Falls back to "meeting" if no allowed characters remain.

Inspired by security audit from @danowallegro.
Audio recordings may contain sensitive meeting content. Set POSIX
permissions to 0600 on all audio output files: AudioMixer.saveWAV(),
AudioCaptureSession temp file, and MicCaptureHandler WAV output.

Inspired by security audit from @danowallegro.
Use Bash array for AUTH args to prevent word splitting on credential
values containing spaces or special characters.

Inspired by security audit from @danowallegro.
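The three patterns the PR and its commit messages describe, written up as a standalone bash example (added here; this is not the project's own code): the allowlist slug with its "meeting" fallback, an audio file that is 0600 from the moment it exists, and credential arguments held in a bash array versus an unquoted string. The `count_args` stand-in for the real notarization call, the sample title and credentials are assumptions; the project's sanitizeSlug() may differ in detail.

```bash
#!/usr/bin/env bash
# Added example, not the project's code. Requires bash (arrays), as in notarize_status.sh.
set -euo pipefail

# 1. Allowlist slug: keep only [A-Za-z0-9_-]; fall back to "meeting" if nothing survives.
#    Mirrors the behaviour described for sanitizeSlug(); exact project logic may differ.
sanitize_slug() {
  local slug
  slug=$(printf '%s' "$1" | tr -cd 'A-Za-z0-9_-')
  [ -n "$slug" ] || slug="meeting"
  printf '%s' "$slug"
}

# 2. Create the file as 0600 from the start (no chmod-after-create window):
#    umask 077 runs in a subshell so the caller's umask is left untouched.
create_private_file() {
  ( umask 077; : > "$1" )
}
# First 10 characters of the ls mode string, e.g. "-rw-------".
file_mode() {
  ls -ld "$1" | cut -c1-10
}

# 3. Credentials as an array: a password with spaces stays a single argument.
#    count_args is a hypothetical stand-in for the real notarytool invocation.
count_args() { printf '%s' "$#"; }
auth_argc_array() {
  local -a auth=(--apple-id "$1" --password "$2")
  count_args "${auth[@]}"
}
# Pre-fix pattern: one flat string expanded unquoted, so the password word-splits.
auth_argc_unquoted() {
  local auth="--apple-id $1 --password $2"
  # shellcheck disable=SC2086  # deliberately unquoted to show the defect
  count_args $auth
}

if [ "${BASH_SOURCE[0]}" = "$0" ]; then
  sanitize_slug '../../etc/passwd'; echo          # etcpasswd
  sanitize_slug '???'; echo                       # meeting
  d=$(mktemp -d); f="$d/recording.wav"
  create_private_file "$f"; file_mode "$f"; rm -rf "$d"   # -rw-------
  auth_argc_array 'dev@example.com' 'pass word'; echo     # 4
  auth_argc_unquoted 'dev@example.com' 'pass word'; echo  # 5
fi
```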
@pasrom pasrom force-pushed the fix/security-hardening branch from dd8a8a6 to 4b6ddf2 Compare April 9, 2026 19:02
@pasrom pasrom merged commit c8a9253 into main Apr 9, 2026
7 checks passed
@pasrom pasrom deleted the fix/security-hardening branch April 9, 2026 19:09