Skip to content

fix(aidlc-traceability): harden report generation, file reads, and discovery#481

Merged
raj-jain-aws merged 2 commits into
mainfrom
fix/aidlc-traceability-security-findings
Jul 3, 2026
Merged

fix(aidlc-traceability): harden report generation, file reads, and discovery#481
raj-jain-aws merged 2 commits into
mainfrom
fix/aidlc-traceability-security-findings

Conversation

@harmjeff

@harmjeff harmjeff commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Summary

Updates across the aidlc-traceability CLI, covering three code paths and updating the threat model to match the implemented mitigations.

  • HTML report generation
  • AI agent file reads
  • Source discovery

Testing

  • pytest131 passed (120 existing + 11 new regression tests).
  • New tests: symlink file + symlink directory handling in test_discovery.py, script-block containment in test_generators.py, and a new test_agent_security.py covering path resolution and read-boundary enforcement (traversal, absolute path, symlink escape).

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.

…scovery

Defensive hardening across the traceability CLI:

- HTML report: neutralize "</" -> "<\/" in the embedded artifact-data JSON
  so artifact titles/descriptions cannot terminate the surrounding <script>
  block. Complements the existing html.escape()/escapeHtml() paths.

- AI agent file reads: replace the unbounded read_source_code_file() with
  make_source_code_reader(project_root), a factory that binds the project
  root and confines all reads to it, rejecting traversal, absolute-path, and
  symlink escapes. Mirrors the _resolve_safe() pattern in aidlc-evaluator.

- Source discovery: skip symlinks and verify each discovered file resolves
  within the project root, so links pointing outside the project are not read.

Update threat-model.md to match the implemented mitigations and add
regression tests for each path (131 tests pass).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@harmjeff harmjeff requested a review from a team as a code owner July 2, 2026 12:47
@github-actions github-actions Bot added the documentation Improvements or additions to documentation label Jul 2, 2026
@harmjeff

harmjeff commented Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

All the scanning issies are in code the PR did not touch except the markdown lint

Re-pad threat and mitigation tables so pipes align with headers, satisfying
markdownlint MD060 (aligned table style). Whitespace-only; no content change.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@harmjeff harmjeff closed this Jul 2, 2026
@harmjeff harmjeff deleted the fix/aidlc-traceability-security-findings branch July 2, 2026 13:19
@raj-jain-aws raj-jain-aws restored the fix/aidlc-traceability-security-findings branch July 3, 2026 06:28
@raj-jain-aws raj-jain-aws reopened this Jul 3, 2026

@raj-jain-aws raj-jain-aws left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@raj-jain-aws raj-jain-aws enabled auto-merge July 3, 2026 06:29
@raj-jain-aws raj-jain-aws added this pull request to the merge queue Jul 3, 2026
Merged via the queue into main with commit 96cf0ea Jul 3, 2026
43 of 49 checks passed
@raj-jain-aws raj-jain-aws deleted the fix/aidlc-traceability-security-findings branch July 3, 2026 08:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

documentation Improvements or additions to documentation

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants