fix(amass): replace hardcoded /tmp/amass with a private per-task scratch dir#2020
Open
Subramaniyajothi6 wants to merge 2 commits into
Open
fix(amass): replace hardcoded /tmp/amass with a private per-task scratch dir#2020Subramaniyajothi6 wants to merge 2 commits into
Subramaniyajothi6 wants to merge 2 commits into
Conversation
utksh1
requested changes
Jul 14, 2026
utksh1
left a comment
Owner
There was a problem hiding this comment.
The host-side private scratch directory is not available inside the Docker sandbox: when docker_enabled is true, the command receives a host path but docker run does not mount it. Amass will fail to write there. Please mount the directory into the container with safe permissions (or create it inside the container), and add a regression test for the Docker command path as well as cleanup.
Subramaniyajothi6
added a commit
to Subramaniyajothi6/SecuScan
that referenced
this pull request
Jul 15, 2026
In docker engine mode the executor prepended a docker run wrapper to the command but never mounted the host-side scratch dir created for %SECUSCAN_SCRATCH_DIR%. The container has its own filesystem, so amass received -dir <host-path> pointing at a path that does not exist inside the container and could not write its graph store there. Bind-mount the private 0700 scratch dir into the container at the same path (read-write) whenever one was created; it is still removed in the finally block. Add regression tests for the Docker command path: the mount is present, resolves to a real dir that existed during the run, matches the inner -dir value, is cleaned up afterwards, and no mount is added when a plugin uses no scratch token. Addresses review feedback on utksh1#2020.
…tch dir
The amass command_template hardcoded `-dir /tmp/amass`. That path is
world-writable and predictable, which allows symlink/hijack attacks and
cross-user collisions, and it is never cleaned up between runs.
Add a reusable per-task scratch-directory primitive in the executor:
- SCRATCH_DIR_PLACEHOLDER ("%SECUSCAN_SCRATCH_DIR%") is a reserved,
brace-free command-template token, so it passes plugin validation and
template interpolation through untouched as an opaque literal.
- _substitute_scratch_dir() creates a fresh tempfile.mkdtemp (mode 0700,
unpredictable name) and replaces every placeholder occurrence.
- _execute_standard_scanner() resolves it right after build_command and
wraps command execution in try/finally so the directory is removed on
success, egress-validation failure, docker error, timeout, or crash.
amass/metadata.json now uses the token (checksum refreshed). Any plugin
needing a private per-task working dir can reuse the same token.
Update the amass command-render tests that asserted the old /tmp/amass
path and add coverage for _substitute_scratch_dir.
In docker engine mode the executor prepended a docker run wrapper to the command but never mounted the host-side scratch dir created for %SECUSCAN_SCRATCH_DIR%. The container has its own filesystem, so amass received -dir <host-path> pointing at a path that does not exist inside the container and could not write its graph store there. Bind-mount the private 0700 scratch dir into the container at the same path (read-write) whenever one was created; it is still removed in the finally block. Add regression tests for the Docker command path: the mount is present, resolves to a real dir that existed during the run, matches the inner -dir value, is cleaned up afterwards, and no mount is added when a plugin uses no scratch token. Addresses review feedback on utksh1#2020.
ae62073 to
41f0c16
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #1803.
The amass plugin's
command_templatehardcoded-dir /tmp/amass. That path isworld-writable and predictable, which allows symlink/hijack attacks and cross-user
collisions, and it is never cleaned up between runs.
Changes
plugins/amass/metadata.json— replace the hardcoded/tmp/amasswith thereserved token
%SECUSCAN_SCRATCH_DIR%(checksum refreshed). The token contains no{...}, so it passes plugin validation and command-template interpolation throughuntouched as an opaque literal.
backend/secuscan/executor.py— add a small, reusable per-task scratch-dirprimitive:
SCRATCH_DIR_PLACEHOLDERconstant +_substitute_scratch_dir()helper, whichcreates a fresh
tempfile.mkdtemp(prefix="secuscan-<plugin>-")directory (mode0700, unpredictable name) and substitutes every placeholder token with its path.
_execute_standard_scanner()resolves the placeholder right after building thecommand and wraps command execution in
try/finallyso the directory is removedwhen the scan ends — on success, egress-validation failure, docker error, timeout,
or crash.
Any plugin that needs a private, per-task working directory can now use the same
reserved token instead of a hardcoded path.
Why this shape
Command-template interpolation only substitutes declared-field
{placeholders}(andruns them through
sanitize_input), and the plugin validator rejects{placeholders}that don't map to a field — so a runtime-computed path can't be injected cleanly through
a field. A reserved literal resolved centrally in the executor (which owns the run
lifecycle and can guarantee cleanup) is the minimal, robust fit, and matches the issue's
"per-task sandbox dir" suggestion.
amass's parser only consumes stdout, so the
-dirgraph store is pure scratch and safeto remove after the run. In Docker mode the container is
--rm; the host scratch dir isstill created unpredictably and cleaned up.
Tests
/tmp/amass(they encodedthe vulnerable path) and added a regression assert that it's gone and the sentinel is
present.
testing/backend/unit/test_executor_scratch_dir.py: no-op without the token; thetoken resolves to a real existing directory; distinct/unpredictable across calls; all
occurrences replaced; directory is 0700-private on POSIX.
pytest test_amass_plugin.py unit/test_executor_scratch_dir.py→ 27 passed, 1 skipped.Executor suite (48), plugin integrity/checksum (20) pass.
validate_plugins.py→ all 59valid.
ruffclean.Notes
cleanup. PLUGINS.md catalogue row for amass is unchanged.
@utksh1 please review this pr