islandflow/piolium/attack-surface/patch-bypass-summary.md
dirtydishes 47a5adca90
Add attack surface audit artifacts
- Add advisory, entrypoint, and candidate scan outputs
- Capture dependency intelligence and cross-service attack surface notes
2026-05-28 05:13:36 -04:00


Stage 02 Patch History & Bypass Review

Scan window: git log -n "${PIOLIUM_COMMIT_SCAN_LIMIT:-500}" --since="${PIOLIUM_COMMIT_SCAN_SINCE:-60 days ago}" --all (evaluated with defaults: 500 commits, since 60 days ago). Keyword sweep focused on CVE/security/auth/token/allowlist/deploy/ssh/harden-related commits.

Relevant historical fixes reviewed

| Commit | Area | Patch summary | Bypass attempts today | Conclusion |
| --- | --- | --- | --- | --- |
| 8464287 / stash index bff5334 | Dependency CVEs | Added root overrides for postcss, tar, tmp; upgraded ws in ingest services from ^8.18.3 to ^8.21.0. | Checked current root and Docker workspace package manifests: overrides are present in both. Searched all package manifests for direct vulnerable ws pins: only ingest services use ^8.21.0. No sibling service currently pins ws, tar, tmp, or postcss directly outside the override coverage. | Sound for manifest coverage. Residual risk is lockfile/install-policy dependent; no patch bypass found in source manifests. |
| 5ddfbfa | Deploy allowlist | Removed broad deployment/npm/ from ALLOWED_REMOTE_UNTRACKED, leaving only the exact signal-cli tarball. | Reviewed current remoteGitPrecheck(): it extracts the full untracked path and uses a shell case against a generated pattern containing only deployment/docker/signal-cli-0.14.3-Linux-native.tar.gz. Because the allowed pattern has no wildcard, paths such as deployment/docker/signal-cli-0.14.3-Linux-native.tar.gz/evil, deployment/npm/x, or other untracked deployment payloads do not match. Tracked modifications still fail closed. | Sound. No alternate deploy precheck path found in current scripts/deploy.ts. |
| 2865d56 | Deploy precheck pattern handling | Converted multiple allowed untracked paths into one case alternative pattern instead of emitting malformed case arms. | Current implementation first strips ?? into path and nests a second case, avoiding the earlier malformed pattern/line parsing issue. With a single exact allowlisted file, pattern differential bypass is not apparent. | Sound. |
| 39bac1e plus later deploy hardening | VPS deployment safety | Introduced scripts/deploy.ts with local/remote cleanliness checks and non-interactive SSH. Later commits added remote resolution, local-server execution, runtime scopes, and tighter checks. | Checked for command injection through branch/remote names: branch and remote used in remote shell scripts are passed through shellEscape(). Checked untrusted config branches: DEPLOY_NATIVE_SYSTEMCTL_PREFIX is interpolated into shell scripts unescaped, but this is a local deploy-operator environment override; an attacker who controls it already controls the deployment process. Current-branch deploy requires clean local status and pushes the selected remote before remote switch/pull. | Sound under intended trust model (deploy operator controls environment). No remote attacker bypass identified. |
| e70835e | Native deploy SSH assumptions | Added $HOME/.bun/bin to PATH for native remote precheck/rollout/verification and ensured verification cds into repo. | Not a security fix; reviewed for relocated command execution. It only adds a fixed PATH prefix and does not incorporate attacker-controlled input besides the deploy operator's environment. | Not security-relevant / no bypass. |
| 07a9b91 then 7d25608 | Alpaca auth handling | Initially removed deprecated key-pair auth in favor of single bearer token; later restored/normalized current Alpaca key-id + secret handling, including news worker wiring. | Current code centralizes auth in packages/config/src/alpaca.ts. Searched for old direct header construction and env names: ingest services call the shared resolver; docs still note legacy bearer fallback. The fallback is intentional compatibility, not an auth bypass, because it is only used when no explicit key-id/secret pair is configured. | Relocated but currently centralized/sound. Historical “fix” was corrected by later compatibility patch; no duplicate stale adapter path found. |

Additional notes

  • Several deploy/network commits (21ec3eb, 9901b13/1c0e2e5, cf7ddf3, d7e984c, etc.) are operational hardening/removal of obsolete wrappers. Current repo has a single top-level deploy entrypoint invoking scripts/deploy.ts; no deprecated deployment/npm rollout path remains as an executable bypass surface.
  • The .env.example and docs still list legacy Alpaca variables, but runtime behavior requires either a complete key-id/secret pair or the explicitly supported legacy bearer token. Missing partial credentials fail closed via hasAlpacaCredentials() callers.

Overall conclusion

No currently exploitable patch bypass was identified in the reviewed security-relevant history. The highest-value checks were the deploy untracked-file allowlist and dependency-CVE manifest coverage; both are presently covered. Recommended follow-up: run dependency audit against the concrete bun.lock/container build outputs to confirm the manifest overrides are materialized in deployed artifacts.
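
The exact-match allowlist behaviour reviewed for commit 5ddfbfa, as an added shell example that is not code from scripts/deploy.ts. The function names and the sample status lines are constructed for illustration; only the allowlisted path is taken from the review above.

```shell
#!/bin/sh
# Added example (not from scripts/deploy.ts). Function names are hypothetical;
# only the allowlisted path below is taken from the review.
ALLOWED='deployment/docker/signal-cli-0.14.3-Linux-native.tar.gz'

# classify_line LINE: print "ok" or "block:<reason>" for one porcelain line.
classify_line() {
  line=$1
  case "$line" in
    '')
      echo "ok" ;;                        # empty line: nothing to report
    '?? '*)
      path=${line#'?? '}                  # strip the untracked marker
      case "$path" in
        "$ALLOWED") echo "ok" ;;          # quoted pattern: literal, whole-string match
        *)          echo "block:untracked" ;;
      esac ;;
    *)
      echo "block:tracked" ;;             # modified/added/deleted/renamed: fail closed
  esac
}

# precheck: read `git status --porcelain` output on stdin; 0 only if all lines pass.
precheck() {
  rc=0
  while IFS= read -r line; do
    verdict=$(classify_line "$line")
    if [ "$verdict" != "ok" ]; then
      echo "$verdict: $line" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample status output covering the cases the review walks through.
sample_status() {
  printf '%s\n' \
    '?? deployment/docker/signal-cli-0.14.3-Linux-native.tar.gz' \
    '?? deployment/docker/signal-cli-0.14.3-Linux-native.tar.gz/evil' \
    '?? deployment/npm/x' \
    ' M scripts/deploy.ts'
}

sample_status | precheck || echo "precheck failed: refusing to deploy"
```

Because the pattern is quoted, any glob characters in an allowlist entry would also be matched literally, so a future entry cannot widen the match by accident.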