dirtydishes/islandflow
1
0
Fork 0
Code Issues 2 Pull requests 4 Projects Releases Packages Wiki Activity Actions 1

remove frontend cooker route
Some checks are pending
CI / Validate (push) Waiting to run
Details

Browse source
This commit is contained in:
dirtydishes 2026-05-29 09:53:15 -04:00
parent 1cd75ca4b2
commit 6d11abc660
8 changed files with 228 additions and 62 deletions
Download patch file Download diff file Expand all files Collapse all files

1
piolium/attack-surface/candidates.jsonl
View file

@ -74,7 +74,6 @@
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/desktop/src/security.ts","line":6,"snippet":"new URL(DESKTOP_LOCAL_DEV_URL).origin,","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/desktop/src/security.ts","line":26,"snippet":"return TRUSTED_ORIGINS.has(url.origin);","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/desktop/src/security.ts","line":35,"snippet":"return !TRUSTED_ORIGINS.has(url.origin);","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
{"slug":"path-traversal-file-access","description":"Filesystem access using path joins or user-controllable paths.","noise":"normal","filePath":"apps/web/app/frontend-cooker/page.tsx","line":43,"snippet":"<section className={styles.tableWrap}><table><thead><tr>{[\"Ticker\", \"Contract\", \"Expiry\", \"Notional\", \"Side\", \"Delta\", \"Condition\"].map(h => <th key={h}>{h}</th>)}</tr></thead><tbody>{flowRows.map((r) => <tr key={r.join(","matchedPattern":"path join","score":55,"source":"builtin"}
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":516,"snippet":"const contentType = response.headers.get(\"content-type\")?.toLowerCase() ?? \"\";","matchedPattern":"request header read","score":55,"source":"builtin"}
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":1024,"snippet":"const host = isLocal ? `${hostname}:4000` : window.location.host;","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}
{"slug":"hidden-control-channel","description":"Request header or framework/proxy context read that may influence auth, routing, tenant, runtime, debug, or middleware behavior.","noise":"normal","filePath":"apps/web/app/terminal.tsx","line":1024,"snippet":"const host = isLocal ? `${hostname}:4000` : window.location.host;","matchedPattern":"proxy or original request header","score":55,"source":"builtin"}