Source: Security-auditor finding on Issue #1175 (STEP 4.8 plan freshness re-verification), retroactively filed via scripts/backfill_1175_security_advisories.sh after #1180 closed the ADVISORY-FINDINGS tracking gap.
Severity: Low
Location: plugins/autonomous-dev/lib/plan_freshness.py:31 — module-level constant _FILE_PATH_REGEX
Finding: The regex [\w/.-]+\.(py|md|json|yaml|sh|ts|js) uses an unbounded [\w/.-]+ character class. While Python's re module does not have catastrophic backtracking in the classical sense (the pattern has no nested quantifiers), finditer over very large plan markdown blobs with adversarial input could exhibit superlinear scanning time. Low severity because (a) input is trusted (planner-generated), (b) Python's re is non-backtracking for this pattern shape, and (c) plan size is bounded by the planner's output budget.
Attack vector: Theoretical only — would require an attacker to control plan content AND produce a multi-megabyte plan with adversarial padding. Both pre-conditions are absent in the current pipeline.
Recommendation: Bound the path length explicitly. Either (a) cap the quantifier [\w/.-]{1,512}\.(py|md|json|yaml|sh|ts|js), or (b) pre-truncate plan_content to a maximum size before regex scanning (e.g., 1 MiB). Option (a) is preferred because it preserves error visibility — overlong paths simply fail to match.
Acceptance: A regression test in tests/unit/lib/ that confirms a plan containing a single 100 KB run of [\w/.-] characters completes regex extraction in <100 ms (or, with the cap, returns no false matches).
Labels: security, auto-improvement
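An added regression-style check for recommendation (a), not code from the project: it runs the original pattern, the capped pattern, and a capped pattern with a left boundary over constructed plan text. The `ANCHORED` lookbehind and all helper names are assumptions of this example. It is included because under `finditer` the cap alone still returns the last 512 characters of an overlong path as a match.

```python
import re
import time

EXT = r"\.(py|md|json|yaml|sh|ts|js)"
UNBOUNDED = re.compile(r"[\w/.-]+" + EXT)        # pattern quoted in the finding
CAPPED = re.compile(r"[\w/.-]{1,512}" + EXT)     # recommendation (a)
# Assumption, not from the issue: a lookbehind so a match may only start at the
# beginning of a run of path characters, never in the middle of one.
ANCHORED = re.compile(r"(?<![\w/.-])[\w/.-]{1,512}" + EXT)


def extract(pattern, plan_content):
    """Return every path-like match from a finditer scan of the plan text."""
    return [m.group(0) for m in pattern.finditer(plan_content)]


def timed_extract(pattern, plan_content):
    """Return (matches, elapsed seconds) for one scan."""
    start = time.perf_counter()
    matches = extract(pattern, plan_content)
    return matches, time.perf_counter() - start


# Constructed inputs; the two paths are the ones named in the issue.
NORMAL_PLAN = ("Edit plugins/autonomous-dev/lib/plan_freshness.py, then run "
               "scripts/backfill_1175_security_advisories.sh.")
OVERLONG_PLAN = "see " + "a" * 600 + ".py now"   # 600-char stem, over the cap
PADDING_PLAN = "a" * 100_000                     # 100 KB run, no extension

if __name__ == "__main__":
    for name, pat in (("capped", CAPPED), ("anchored", ANCHORED)):
        hits = extract(pat, OVERLONG_PLAN)
        _, secs = timed_extract(pat, PADDING_PLAN)
        print(f"{name}: overlong path -> match lengths {[len(h) for h in hits]}, "
              f"100 KB run scanned in {secs * 1000:.1f} ms")
```

The timing printed for the 100 KB run is informational; a test asserting the <100 ms acceptance threshold should allow for slow CI hosts.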