feat: add public doctor API for programmatic usage [4 of 8] #271
Closed
whizzzkid wants to merge 1 commit into feat/refactor-library-part_3 from
- Add src/doctor/api.rs with run() and list() functions
- Update src/doctor/check.rs for API integration
- Update src/doctor/commands/run.rs to use new runner
- Update src/doctor/mod.rs with new exports
- Refactor src/doctor/runner.rs for library usage

Co-Authored-By: Claude (global.anthropic.claude-opus-4-5-20251101-v1:0) <noreply@anthropic.com>
This pull request introduces insecure temporary file handling in src/doctor/commands/run.rs: the migration code uses a predictable path under world-writable /tmp (/tmp/scope/cache-file.json) without ownership or symlink checks, allowing local attackers to pre-create or replace the file with a symlink and cause arbitrary file reads or, if destination influence is possible, file overwrites.
Insecure Temporary File Handling in
| Vulnerability | Insecure Temporary File Handling |
|---|---|
| Description | The migration logic in get_cache and migrate_old_cache uses a hardcoded, predictable path in the world-writable /tmp directory (/tmp/scope/cache-file.json) without performing necessary security checks such as ownership verification or symlink detection. Since /tmp is world-writable, any local user can pre-create this directory and file. If an attacker replaces the file with a symbolic link, the tool (running as another user, potentially root) will follow the link and copy the contents of the target file to the new cache location. This leads to arbitrary file read (information disclosure) or, if the attacker can influence the destination path (e.g., via environment variables), arbitrary file overwrite. |
scope/src/doctor/commands/run.rs
Lines 54 to 57 in 1fafbf3
All finding details can be found in the DryRun Security Dashboard.
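
A hardened read of a legacy cache file at a path like the `/tmp/scope/cache-file.json` named in the finding above, written as an added example (it is not code from this pull request or from the scope project). It refuses symlinks, foreign-owned or hard-linked files, and a parent directory that other users can write to, and it re-checks the opened handle against the vetted inode. The names `read_legacy_cache` and `expected_uid` are hypothetical, and the `/proc/self` lookup in `main` is a Linux-only, std-only stand-in for `geteuid()`.

```rust
use std::fs::{self, File};
use std::io::{self, Read};
use std::os::unix::fs::MetadataExt;
use std::path::Path;

fn deny(msg: &str) -> io::Error {
    io::Error::new(io::ErrorKind::PermissionDenied, msg.to_string())
}

// Hypothetical helper: read the legacy cache only if it is safe to trust.
// `expected_uid` is the uid the tool runs as (assumption: supplied by the caller).
pub fn read_legacy_cache(path: &Path, expected_uid: u32) -> io::Result<Vec<u8>> {
    // The parent (e.g. /tmp/scope) must be a real directory we own that no one else can write to.
    let parent = path.parent().ok_or_else(|| deny("no parent directory"))?;
    let dir = fs::symlink_metadata(parent)?;
    if !dir.file_type().is_dir() || dir.uid() != expected_uid || dir.mode() & 0o022 != 0 {
        return Err(deny("parent is not a private directory owned by us"));
    }
    // lstat: inspect the final path component without following a planted symlink.
    let before = fs::symlink_metadata(path)?;
    if !before.file_type().is_file() {
        return Err(deny("cache path is not a regular file"));
    }
    if before.uid() != expected_uid || before.nlink() != 1 {
        return Err(deny("cache file has unexpected owner or extra hard links"));
    }
    // Open, then fstat the handle and confirm it is the inode that was vetted,
    // so a swap between the check and the open is detected.
    let mut file = File::open(path)?;
    let after = file.metadata()?;
    if (after.dev(), after.ino()) != (before.dev(), before.ino()) {
        return Err(deny("cache file changed between check and open"));
    }
    let mut buf = Vec::new();
    file.read_to_end(&mut buf)?;
    Ok(buf)
}

fn main() {
    // Stand-in for geteuid() using std only (Linux): /proc/self is owned by this process.
    let uid = fs::metadata("/proc/self").map(|m| m.uid()).unwrap_or(u32::MAX);
    match read_legacy_cache(Path::new("/tmp/scope/cache-file.json"), uid) {
        Ok(bytes) => println!("legacy cache accepted ({} bytes)", bytes.len()),
        Err(e) => println!("legacy cache rejected: {e}"),
    }
}
```
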
Part 4 of 8
This is 4/8 of #265
Description of Changes (auto-gen)