Skip to content

codex security#45

Draft
kangkangzi2025 wants to merge 1 commit into
mainfrom
codex/codex-security
Draft

codex security#45
kangkangzi2025 wants to merge 1 commit into
mainfrom
codex/codex-security

Conversation

@kangkangzi2025

Copy link
Copy Markdown
Contributor

Summary

Fixes the three Codex Security findings from scan 6e230229-de17-433b-84ab-5b27e025bc9a:

  • Validate filesystem-backed sandbox, memory-store, and session persistence IDs as UUIDs before deriving paths.
  • Add explicit source policies for local memory resource ingest: local import roots, allowed HTTP hosts, private-address blocking, redirect rejection, and size limits.
  • Demote recalled memory from system prompt chunks to untrusted user-context chunks before automatic tool use.

Root cause

Several persistence helpers trusted string identifiers as path components, local resource ingest trusted caller-selected file/URL sources, and memory recall promoted lower-trust snippets into role=system messages.

Validation

  • uv run pytest tests/backends/persistence/test_registry_gc.py tests/memory/persistence/test_persistence.py tests/session/persistence/test_loader_gc.py tests/memory/local_backend/test_local_memory_commit.py tests/memory/local_backend/test_local_memory_resource.py tests/flow/test_memory_inject.py tests/flow/test_agent_forward_memory.py -> 88 passed, 2 skipped
  • uv run pytest tests/memory/local_backend tests/flow tests/session/persistence tests/backends/persistence tests/memory/persistence -> 203 passed, 6 skipped
  • uv run pytest -m "not opensandbox and not openviking and not live_llm and not integration and not bench" -> 789 passed, 8 skipped, 72 deselected, 1 existing warning
  • uv run ruff check src/rath tests -> passed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant