Skip to content

Fix Ollama proxy bypass and quarantine data-loss paths#3

Draft
cursor[bot] wants to merge 2 commits into
mainfrom
cursor/critical-bug-investigation-dfb5
Draft

Fix Ollama proxy bypass and quarantine data-loss paths#3
cursor[bot] wants to merge 2 commits into
mainfrom
cursor/critical-bug-investigation-dfb5

Conversation

@cursor

@cursor cursor Bot commented Jun 13, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Disable environment-proxy trust for Ollama semantic judge requests so validated localhost URLs cannot be redirected through ambient HTTP_PROXY/HTTPS_PROXY settings.
  • Reject quarantine entries that cannot fit under the total quota before retention or eviction can delete existing evidence.
  • Keep injection pipeline results blocked when quarantine storage raises OSError, matching existing quota failure behavior.
  • Add regression coverage for proxy leakage, redirect/proxy request options, impossible quota writes, and quarantine storage failures.

Validation

  • PYTHONPATH=src python3 -m pytest tests/test_security_regressions.py tests/test_semantic_judge_ollama.py -q -> 16 passed
  • PYTHONPATH=src python3 -m pytest -q -> 1 failed, 17 passed; existing tests/test_contract_document_hash.py::test_vendored_scp_mcp_v1_contract_sha256 mismatch (got=69a40c..., expected=226f19...) is unrelated to this diff and neither the contract document nor hash test changed in this branch.
Open in Web View Automation 

cursoragent and others added 2 commits June 13, 2026 12:21
Co-authored-by: Andre Schu <Art.Int.Interface@gmail.com>
Co-authored-by: Andre Schu <Art.Int.Interface@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant