chore: add CSP header; route unwatch-file through path-guard#3
Merged
Conversation
CSP: default-src 'self' with allowances for xterm's runtime inline styles (style-src 'unsafe-inline'), data: imgs, and data: fonts. No 'unsafe-inline' or 'unsafe-eval' for scripts — markdown is sanitised through DOMPurify before hitting the DOM. unwatch-file: route the path through assertPathAllowed so the IPC surface is uniform with watch-file / read-file-for-panel / save-file-for-panel. A renderer can only ever close a watcher it could have opened anyway, so this is consistency rather than a real escalation fix. Identified during a follow-up audit against upstream PR #27. The other items in #27 (path-guard on file IPCs, DOMPurify on markdown, scheduler shell-quoting) are already in place via earlier hardening commits. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes the only real gap found auditing upstream security PRs doctly#27 and doctly#32 against this fork's existing hardening.
What this PR adds
Content-Security-Policy on every renderer response.
default-src 'self'script-src 'self'(nounsafe-inline/unsafe-eval— markdown goes through DOMPurify before hitting the DOM)style-src 'self' 'unsafe-inline'— xterm injects per-cell colour styles via `setAttribute('style', …)` at runtime; this is required.img-src 'self' data: blob:— for icons and any avatars/screenshots.object-src 'none',base-uri 'self',frame-ancestors 'none'.unwatch-fileIPC now routes throughassertPathAllowed, matching the rest of the file IPC surface. Not a real escalation fix (a renderer can only ever close a watcher it opened) — consistency.What we did NOT pull from doctly#27 / doctly#32 (already covered)
read-file-for-panel,save-file-for-panel,watch-file,read-memory,save-memorypath-guard.jsmarked.parse()outputpermissionMode/worktreeName/addDirsvalidationclaude-cmd.js(regex-validated, shell-quoted)PERMISSION_MODES,MODEL_RE,BUDGET_RE,ALLOWED_TOOL_NAMES); upstream's argv refactor would be more defensive but functionally equivalent given correct `shq`0o600mcp-bridge.js:341claude-auth.jskeychainexecSync→execFileSyncTest plan
npm test→ 145/145 passing🤖 Generated with Claude Code