feat(security): security hardening, proxy support, and GL045 HTTP include warning
Security fixes: - Path traversal guard in include: local: — paths with ../ that escape the repo root are rejected instead of reading arbitrary host files - HTTP timeout (30 s) on all fetcher requests to prevent indefinite hangs - Response size cap (10 MiB) via io.LimitReader to prevent memory exhaustion - Cache directory and file permissions tightened to 0700/0600 - LSP Content-Length cap (64 MiB) to guard against DoS from a malicious client New feature: - --proxy flag on check, graph, and lsp subcommands; also proxy: key in .glint.yml; overrides system HTTP_PROXY / HTTPS_PROXY env vars when set; cmdGraph and cmdLSP now also load .glint.yml for proxy/token/url fallbacks New lint rule: - GL045 (Warning): include: remote: using plain http:// instead of https:// Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -853,4 +853,18 @@ test:
|
||||
- if: $CI_COMMIT_BRANCH == "main"
|
||||
needs: [build, lint]`,
|
||||
},
|
||||
|
||||
RuleInsecureRemoteInclude: {
|
||||
Title: "remote include uses plain HTTP",
|
||||
Severity: Warning,
|
||||
Description: "An include: remote: entry uses an http:// URL instead of https://. " +
|
||||
"CI templates fetched over plain HTTP are transmitted in cleartext; an " +
|
||||
"attacker with network access could intercept or modify the template " +
|
||||
"before it is parsed. Use https:// so the connection is encrypted and " +
|
||||
"the server's identity is verified.",
|
||||
Example: `include:
|
||||
- remote: http://ci-templates.example.com/build.yml`,
|
||||
Fix: `include:
|
||||
- remote: https://ci-templates.example.com/build.yml`,
|
||||
},
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user