fix: resolve critical vulnerability V-001

orbisai0security · orbisai0security · commit 68584e1da28e · 2026-01-12T09:21:49.000Z
Automatically generated security fix
diff --git a/examples/operator-browserbase/.env.example b/examples/operator-browserbase/.env.example
@@ -4,5 +4,8 @@ UI_TARS_API_KEY=your_ui_tars_api_key_here
 UI_TARS_MODEL=your_ui_tars_model_here
 
 # Browserbase Configuration
-BROWSERBASE_API_KEY=your_browserbase_api_key_here
-BROWSERBASE_PROJECT_ID=your_browserbase_project_id_here
+# SECURITY: Keep API keys SERVER-SIDE ONLY - do NOT prefix with NEXT_PUBLIC_
+# These credentials must never be exposed to the client-side
+NEXT_PUBLIC_BROWSERBASE_PROJECT_ID=your_browserbase_project_id_here
+# PRIVATE: Store this in .env.local or secure environment only
+# BROWSERBASE_API_KEY=your_browserbase_api_key_here (do NOT expose to client)
diff --git a/examples/operator-browserbase/app/api/agent/route.ts b/examples/operator-browserbase/app/api/agent/route.ts
@@ -5,9 +5,82 @@
 import { NextResponse } from 'next/server';
 import { GUIAgent, StatusEnum } from '@ui-tars/sdk';
 import { BrowserbaseOperator } from '@ui-tars/operator-browserbase';
+import { z } from 'zod';
 
 export const dynamic = 'force-dynamic';
 
+// Request rate limiting map: tracks requests per API key
+const requestRateLimitMap = new Map<string, { count: number; resetTime: number }>();
+const RATE_LIMIT_WINDOW_MS = 60 * 1000; // 1 minute
+const MAX_REQUESTS_PER_WINDOW = 10;
+
+// Request body schema validation
+const AgentRequestSchema = z.object({
+  goal: z.string().min(1).max(5000),
+  sessionId: z.string().min(1).max(256),
+});
+
+type AgentRequest = z.infer<typeof AgentRequestSchema>;
+
+/**
+ * Verify API authentication via Authorization header
+ * SECURITY: Requires valid authorization token to prevent unauthorized access
+ */
+function verifyAuthentication(request: Request): string | null {
+  const authHeader = request.headers.get('authorization');
+  if (!authHeader?.startsWith('Bearer ')) {
+    return null;
+  }
+  const token = authHeader.substring(7);
+  const expectedToken = process.env.AGENT_API_SECRET;
+  if (!expectedToken || token !== expectedToken) {
+    return null;
+  }
+  return token;
+}
+
+/**
+ * Check rate limiting for the request
+ * SECURITY: Prevents abuse by limiting requests per authentication token
+ */
+function checkRateLimit(apiKey: string): boolean {
+  const now = Date.now();
+  const record = requestRateLimitMap.get(apiKey);
+  
+  if (!record || now >= record.resetTime) {
+    requestRateLimitMap.set(apiKey, { count: 1, resetTime: now + RATE_LIMIT_WINDOW_MS });
+    return true;
+  }
+  
+  if (record.count >= MAX_REQUESTS_PER_WINDOW) {
+    return false;
+  }
+  
+  record.count++;
+  return true;
+}
+
+/**
+ * Structured logging for security audit trail
+ * SECURITY: Provides comprehensive audit logs for forensic analysis
+ */
+function logSecurityEvent(
+  eventType: string,
+  clientIp: string | null,
+  userId: string | null,
+  details: Record<string, unknown>,
+) {
+  const timestamp = new Date().toISOString();
+  const logEntry = {
+    timestamp,
+    eventType,
+    clientIp: clientIp || 'unknown',
+    userId: userId || 'unauthenticated',
+    ...details,
+  };
+  console.log(JSON.stringify(logEntry));
+}
+
 const SYSTEM_PROMPT = `You are a GUI agent. You are given a task and your action history, with screenshots. You need to perform the next action to complete the task.
 
 ## Output Format
@@ -37,19 +110,50 @@ export async function POST(request: Request) {
   const responseStream = new TransformStream();
   const writer = responseStream.writable.getWriter();
   const encoder = new TextEncoder();
+  
+  // Extract client IP for logging (SECURITY: for audit trail)
+  const clientIp = request.headers.get('x-forwarded-for') || 
+                   request.headers.get('x-real-ip') || 
+                   'unknown';
 
   try {
-    console.log('request', request);
-    const body = await request.json();
-    const { goal, sessionId } = body;
+    // SECURITY: Verify authentication before processing
+    const apiToken = verifyAuthentication(request);
+    if (!apiToken) {
+      logSecurityEvent('auth_failed', clientIp, null, { reason: 'missing_or_invalid_token' });
+      return NextResponse.json(
+        { error: 'Unauthorized: Missing or invalid authorization token' },
+        { status: 401 },
+      );
+    }
+
+    // SECURITY: Check rate limiting
+    if (!checkRateLimit(apiToken)) {
+      logSecurityEvent('rate_limit_exceeded', clientIp, apiToken, {});
+      return NextResponse.json(
+        { error: 'Rate limit exceeded' },
+        { status: 429 },
+      );
+    }
 
-    if (!sessionId) {
+    // SECURITY: Validate request body schema
+    let parsedBody: AgentRequest;
+    try {
+      const body = await request.json();
+      parsedBody = AgentRequestSchema.parse(body);
+    } catch (error) {
+      logSecurityEvent('validation_failed', clientIp, apiToken, { 
+        error: error instanceof Error ? error.message : 'Invalid request body' 
+      });
       return NextResponse.json(
-        { error: 'Missing sessionId in request body' },
+        { error: 'Invalid request body: goal and sessionId are required' },
         { status: 400 },
       );
     }
 
+    const { goal, sessionId } = parsedBody;
+    logSecurityEvent('request_accepted', clientIp, apiToken, { goal: goal.substring(0, 100) });
+
     console.log('sessionIdsessionIdsessionId', sessionId);
     const operator = new BrowserbaseOperator({
       // browserbaseSessionID: sessionId,
@@ -104,8 +208,10 @@ export async function POST(request: Request) {
 
     guiAgent.run(goal);
   } catch (error) {
+    const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+    logSecurityEvent('processing_error', clientIp, null, { error: errorMessage });
     console.error('Error in agent endpoint:', error);
-    writer.write(encoder.encode(JSON.stringify({ error })));
+    writer.write(encoder.encode(JSON.stringify({ error: 'Internal server error' })));
     writer.close();
   }
 
diff --git a/multimodal/tarko/agent-server-next/src/controllers/user.ts b/multimodal/tarko/agent-server-next/src/controllers/user.ts
@@ -108,11 +108,20 @@ export async function getOrCreateUserConfig(c: HonoContext) {
 
 /**
  * Delete user configuration
+ * 
+ * SECURITY: Only allows the authenticated user to delete their own configuration.
+ * The userId is obtained from the authenticated session, not from request body.
  */
 export async function deleteUserConfig(c: HonoContext) {
   try {
     const user = requireAuth(c);
     const userConfigService = getUserConfigService(c);
+    
+    // Verify that the authenticated user is performing the operation on their own account
+    if (!user?.userId) {
+      return c.json({ error: 'Unauthorized' }, 401);
+    }
+    
     const deleted = await userConfigService.deleteUserConfig(user.userId);
 
     if (!deleted) {
diff --git a/multimodal/tarko/agent-server/src/server.ts b/multimodal/tarko/agent-server/src/server.ts
@@ -5,6 +5,8 @@
 
 import express from 'express';
 import http from 'http';
+import https from 'https';
+import rateLimit from 'express-rate-limit';
 import { setupAPI } from './api';
 import { LogLevel } from '@tarko/interface';
 import { StorageProvider, createStorageProvider } from './storage';
@@ -37,11 +39,28 @@ export { express };
 export class AgentServer<T extends AgentAppConfig = AgentAppConfig> {
   // Core server components
   private app: express.Application;
-  private server: http.Server;
+  private server: http.Server | https.Server;
 
   // Server state
   private isRunning = false;
 
+  // SECURITY: Rate limiting configuration to prevent DoS attacks
+  private readonly globalLimiter = rateLimit({
+    windowMs: 15 * 60 * 1000, // 15 minutes
+    max: 1000, // 1000 requests per windowMs
+    message: 'Too many requests from this IP, please try again later.',
+    standardHeaders: true,
+    legacyHeaders: false,
+  });
+
+  private readonly apiLimiter = rateLimit({
+    windowMs: 1 * 60 * 1000, // 1 minute
+    max: 100, // 100 requests per minute for API endpoints
+    message: 'Too many API requests from this IP, please try again later.',
+    standardHeaders: true,
+    legacyHeaders: false,
+  });
+
   // Session management
   public sessions: Record<string, AgentSession> = {};
   public storageUnsubscribes: Record<string, () => void> = {};
@@ -86,6 +105,20 @@ export class AgentServer<T extends AgentAppConfig = AgentAppConfig> {
     this.app = express();
     this.server = http.createServer(this.app);
 
+    // SECURITY: Apply rate limiting middleware to all requests
+    this.app.use(this.globalLimiter);
+
+    // SECURITY: Add HSTS header for HTTPS connections
+    // This enforces HTTPS usage and prevents downgrade attacks
+    this.app.use((req, res, next) => {
+      // Only set HSTS if using HTTPS or if explicitly configured
+      const useHttps = appConfig.server?.https?.enabled || process.env.NODE_ENV === 'production';
+      if (useHttps || req.protocol === 'https') {
+        res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
+      }
+      next();
+    });
+
     // Initialize storage if provided
     if (appConfig.server?.storage) {
       this.storageProvider = createStorageProvider(appConfig.server.storage);
