mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-05-13 06:56:06 +00:00
7d2a2bd978
Codex independent review identified a critical security issue: when cluster validation fails, the previous fix fell back to permissive mode (allowing ALL nodes), making the proxy a potential SSRF/network scanner for any container that could reach the socket. NEW BEHAVIOR: When cluster validation is unavailable (IPC blocked), fall back to localhost-only validation instead of permissive mode. This maintains security while still allowing self-monitoring. Implementation: - Added validateAsLocalhost() method to nodeValidator - Calls discoverLocalHostAddresses() to get local IPs/hostnames - Only allows requests matching the local host - Blocks requests to other cluster members or arbitrary hosts Test results on delly (clustered node with IPC blocked): - Request to 192.168.0.5 (self): ALLOWED, temps fetched - Request to 192.168.0.134 (cluster peer): BLOCKED with node_not_localhost - No more "allowing all nodes" security regression Related to #571 - addresses Codex security audit feedback This prevents the proxy from being abused as a network scanner while still solving the original temperature monitoring issue. |
||
|---|---|---|
| .. | ||
| audit.go | ||
| audit_test.go | ||
| auth.go | ||
| auth_test.go | ||
| capabilities.go | ||
| cleanup.go | ||
| config.example.yaml | ||
| config.go | ||
| main.go | ||
| main_test.go | ||
| metrics.go | ||
| ssh.go | ||
| ssh_test.go | ||
| throttle.go | ||
| throttle_test.go | ||
| validation.go | ||
| validation_fuzz_test.go | ||
| validation_test.go | ||