Skip to content

fix(amass): replace hardcoded /tmp/amass with a private per-task scratch dir#2020

Open
Subramaniyajothi6 wants to merge 2 commits into
utksh1:mainfrom
Subramaniyajothi6:fix/amass-tmp-path
Open

fix(amass): replace hardcoded /tmp/amass with a private per-task scratch dir#2020
Subramaniyajothi6 wants to merge 2 commits into
utksh1:mainfrom
Subramaniyajothi6:fix/amass-tmp-path

Conversation

@Subramaniyajothi6

Copy link
Copy Markdown
Contributor

Summary

Closes #1803.

The amass plugin's command_template hardcoded -dir /tmp/amass. That path is
world-writable and predictable, which allows symlink/hijack attacks and cross-user
collisions, and it is never cleaned up between runs.

Changes

  • plugins/amass/metadata.json — replace the hardcoded /tmp/amass with the
    reserved token %SECUSCAN_SCRATCH_DIR% (checksum refreshed). The token contains no
    {...}, so it passes plugin validation and command-template interpolation through
    untouched as an opaque literal.
  • backend/secuscan/executor.py — add a small, reusable per-task scratch-dir
    primitive:
    • SCRATCH_DIR_PLACEHOLDER constant + _substitute_scratch_dir() helper, which
      creates a fresh tempfile.mkdtemp(prefix="secuscan-<plugin>-") directory (mode
      0700, unpredictable name) and substitutes every placeholder token with its path.
    • _execute_standard_scanner() resolves the placeholder right after building the
      command and wraps command execution in try/finally so the directory is removed
      when the scan ends — on success, egress-validation failure, docker error, timeout,
      or crash.

Any plugin that needs a private, per-task working directory can now use the same
reserved token instead of a hardcoded path.

Why this shape

Command-template interpolation only substitutes declared-field {placeholders} (and
runs them through sanitize_input), and the plugin validator rejects {placeholders}
that don't map to a field — so a runtime-computed path can't be injected cleanly through
a field. A reserved literal resolved centrally in the executor (which owns the run
lifecycle and can guarantee cleanup) is the minimal, robust fit, and matches the issue's
"per-task sandbox dir" suggestion.

amass's parser only consumes stdout, so the -dir graph store is pure scratch and safe
to remove after the run. In Docker mode the container is --rm; the host scratch dir is
still created unpredictably and cleaned up.

Tests

  • Updated the three amass command-render tests that asserted /tmp/amass (they encoded
    the vulnerable path) and added a regression assert that it's gone and the sentinel is
    present.
  • New testing/backend/unit/test_executor_scratch_dir.py: no-op without the token; the
    token resolves to a real existing directory; distinct/unpredictable across calls; all
    occurrences replaced; directory is 0700-private on POSIX.

pytest test_amass_plugin.py unit/test_executor_scratch_dir.py → 27 passed, 1 skipped.
Executor suite (48), plugin integrity/checksum (20) pass. validate_plugins.py → all 59
valid. ruff clean.

Notes

  • No default guard weakened; this only removes a predictable-path weakness and adds
    cleanup. PLUGINS.md catalogue row for amass is unchanged.

@utksh1 please review this pr

@utksh1 utksh1 added level:advanced 55 pts difficulty label for advanced contributor PRs type:security Security work category bonus label type:bug Bug fix work category bonus label area:backend Backend API, database, or service work area:plugins Scanner plugin metadata, schemas, or plugin runtime work area:security Security-sensitive implementation or tests labels Jul 14, 2026

@utksh1 utksh1 left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The host-side private scratch directory is not available inside the Docker sandbox: when docker_enabled is true, the command receives a host path but docker run does not mount it. Amass will fail to write there. Please mount the directory into the container with safe permissions (or create it inside the container), and add a regression test for the Docker command path as well as cleanup.

Subramaniyajothi6 added a commit to Subramaniyajothi6/SecuScan that referenced this pull request Jul 15, 2026
In docker engine mode the executor prepended a docker run wrapper to the
command but never mounted the host-side scratch dir created for
%SECUSCAN_SCRATCH_DIR%. The container has its own filesystem, so amass
received -dir <host-path> pointing at a path that does not exist inside
the container and could not write its graph store there.

Bind-mount the private 0700 scratch dir into the container at the same
path (read-write) whenever one was created; it is still removed in the
finally block. Add regression tests for the Docker command path: the
mount is present, resolves to a real dir that existed during the run,
matches the inner -dir value, is cleaned up afterwards, and no mount is
added when a plugin uses no scratch token.

Addresses review feedback on utksh1#2020.
…tch dir

The amass command_template hardcoded `-dir /tmp/amass`. That path is
world-writable and predictable, which allows symlink/hijack attacks and
cross-user collisions, and it is never cleaned up between runs.

Add a reusable per-task scratch-directory primitive in the executor:

- SCRATCH_DIR_PLACEHOLDER ("%SECUSCAN_SCRATCH_DIR%") is a reserved,
  brace-free command-template token, so it passes plugin validation and
  template interpolation through untouched as an opaque literal.
- _substitute_scratch_dir() creates a fresh tempfile.mkdtemp (mode 0700,
  unpredictable name) and replaces every placeholder occurrence.
- _execute_standard_scanner() resolves it right after build_command and
  wraps command execution in try/finally so the directory is removed on
  success, egress-validation failure, docker error, timeout, or crash.

amass/metadata.json now uses the token (checksum refreshed). Any plugin
needing a private per-task working dir can reuse the same token.

Update the amass command-render tests that asserted the old /tmp/amass
path and add coverage for _substitute_scratch_dir.
In docker engine mode the executor prepended a docker run wrapper to the
command but never mounted the host-side scratch dir created for
%SECUSCAN_SCRATCH_DIR%. The container has its own filesystem, so amass
received -dir <host-path> pointing at a path that does not exist inside
the container and could not write its graph store there.

Bind-mount the private 0700 scratch dir into the container at the same
path (read-write) whenever one was created; it is still removed in the
finally block. Add regression tests for the Docker command path: the
mount is present, resolves to a real dir that existed during the run,
matches the inner -dir value, is cleaned up afterwards, and no mount is
added when a plugin uses no scratch token.

Addresses review feedback on utksh1#2020.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:backend Backend API, database, or service work area:plugins Scanner plugin metadata, schemas, or plugin runtime work area:security Security-sensitive implementation or tests level:advanced 55 pts difficulty label for advanced contributor PRs type:bug Bug fix work category bonus label type:security Security work category bonus label

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[#30] amass writes to a hardcoded predictable /tmp/amass path

2 participants