f79c64cd44
Security fixes: - Path traversal guard in include: local: — paths with ../ that escape the repo root are rejected instead of reading arbitrary host files - HTTP timeout (30 s) on all fetcher requests to prevent indefinite hangs - Response size cap (10 MiB) via io.LimitReader to prevent memory exhaustion - Cache directory and file permissions tightened to 0700/0600 - LSP Content-Length cap (64 MiB) to guard against DoS from a malicious client New feature: - --proxy flag on check, graph, and lsp subcommands; also proxy: key in .glint.yml; overrides system HTTP_PROXY / HTTPS_PROXY env vars when set; cmdGraph and cmdLSP now also load .glint.yml for proxy/token/url fallbacks New lint rule: - GL045 (Warning): include: remote: using plain http:// instead of https:// Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
32 lines
858 B
Go
32 lines
858 B
Go
package linter
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
|
|
"git.k3nny.fr/glint/internal/model"
|
|
)
|
|
|
|
// checkInsecureRemoteInclude warns when an include: remote: entry uses plain
|
|
// HTTP (GL045). The file is still fetched and linted; the finding is a warning
|
|
// so pipelines that use HTTP for internal infra are not blocked.
|
|
func checkInsecureRemoteInclude(p *model.Pipeline) []Finding {
|
|
var findings []Finding
|
|
for _, inc := range p.Include {
|
|
m, ok := inc.(map[string]any)
|
|
if !ok {
|
|
continue
|
|
}
|
|
remote, _ := m["remote"].(string)
|
|
if strings.HasPrefix(remote, "http://") {
|
|
findings = append(findings, Finding{
|
|
Severity: Warning,
|
|
Rule: RuleInsecureRemoteInclude,
|
|
File: p.SourceFile,
|
|
Message: fmt.Sprintf("remote include %q uses plain HTTP; CI templates are fetched unencrypted — prefer HTTPS", remote),
|
|
})
|
|
}
|
|
}
|
|
return findings
|
|
}
|