Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .jules/sentinel.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,3 +22,7 @@
**Vulnerability:** Defense in Depth (CSP Missing)
**Learning:** Even when inputs are properly escaped, statically generated HTML that displays file/directory structures should implement a Content Security Policy (CSP) to provide an extra layer of defense against potential XSS bypasses.
**Prevention:** Include a strict CSP meta tag (e.g., `default-src 'none'; style-src 'unsafe-inline';`) in auto-generated HTML headers when external scripts or resources are not required.
## 2024-07-02 - Malicious ignore files cause DoS

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HIGH OpenCode could not establish approval sufficiency

  • Problem: the model pool exhausted without a valid current-head review control block, so this changed line cannot be approved from deterministic check state alone.
  • Impact: PR-intent mismatches, missing files, robustness bugs, UX/DX regressions, and CodeGraph-backed flow changes could be missed.
  • Fix: rerun OpenCode after model availability recovers, or add the missing source/test/docs/generated verification evidence needed for a source-backed approval.
  • Verification: rerun the OpenCode Review workflow and confirm it emits APPROVE or source-backed REQUEST_CHANGES for this head SHA.

**Vulnerability:** A malicious actor could place a directory named `.html4ignore` or a massive `.html4ignore` file, leading to application crashes (`java.io.FileNotFoundException: .html4ignore (Is a directory)`) or memory/resource exhaustion.
**Learning:** Applications reading hidden configuration files from user-controlled directories must validate file type (isFile) and size before loading them into memory.
**Prevention:** Add checks for `isFile` and enforce a reasonable file size limit (e.g., 1MB) before parsing directory-level configuration files.
4 changes: 2 additions & 2 deletions src/main/kotlin/html4tree/main.kt
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ fun main(args: Array<String>) = Html4tree().main(args)

fun go(topDir: String, maxLevel: Int) {
require(topDir.isNotBlank())
val top_dir = File(topDir).canonicalFile
val top_dir = File(topDir).absoluteFile
require(Files.isDirectory(top_dir.toPath(), LinkOption.NOFOLLOW_LINKS)) { "Top directory must be an existing non-symlink directory" }

val ll = LinkedList()
Expand Down Expand Up @@ -88,7 +88,7 @@ fun process_ignore_file(curr_dir: File): Set<String> {

val files_to_exclude = mutableSetOf<String>()

if(ignore_file.exists()){
if(ignore_file.exists() && ignore_file.isFile() && ignore_file.length() <= 1048576){ // Limit to 1MB
val ignored_regexes = mutableListOf<Regex>()

ignore_file.forEachLine {
Expand Down
47 changes: 47 additions & 0 deletions src/test/kotlin/html4tree/SentinelTest.kt
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
package html4tree

import org.junit.Test
import java.io.File
import java.nio.file.Files
import kotlin.test.assertTrue
import kotlin.test.assertFalse

class SentinelTest {

@Test
fun testIgnoreFileIsDirectory() {
val tempDir = Files.createTempDirectory("html4tree-test-sentinel").toFile()
try {
val ignoreDir = File(tempDir, ".html4ignore")
ignoreDir.mkdir() // Create a directory instead of a file

val testFile = File(tempDir, "test.txt")
testFile.createNewFile()

// Should not crash, and test.txt shouldn't be excluded
val excluded = process_ignore_file(tempDir)
assertFalse(excluded.contains("test.txt"))
} finally {
tempDir.deleteRecursively()
}
}

@Test
fun testIgnoreFileIsTooLarge() {
val tempDir = Files.createTempDirectory("html4tree-test-sentinel").toFile()
try {
val ignoreFile = File(tempDir, ".html4ignore")
val chars = ByteArray(1024 * 1024 + 10) { 'a'.toByte() }
ignoreFile.writeBytes(chars) // Create file slightly larger than 1MB

val testFile = File(tempDir, "test.txt")
testFile.createNewFile()

// Should not crash, and test.txt shouldn't be excluded since the file is ignored
val excluded = process_ignore_file(tempDir)
assertFalse(excluded.contains("test.txt"))
} finally {
tempDir.deleteRecursively()
}
}
}