Skip to content

[Security] No TLS/HTTPS content inspection - only SNI visible #127

New issue
New issue
Open
#131
Open
[Security] No TLS/HTTPS content inspection - only SNI visible#127
#131
Assignees
Mossakacopilot-swe-agent
Labels
enhancementNew feature or request
@Mossaka

Description

@Mossaka
Mossaka
opened on Dec 19, 2025

Priority

P0 - Critical

Summary

AWF only inspects SNI (Server Name Indication) in the TLS ClientHello. It cannot see or filter based on URL paths, query parameters, or request methods for HTTPS traffic.

Current Behavior

When a client makes an HTTPS request, Squid only sees the CONNECT method with the domain:

CONNECT github.com:443 HTTP/1.1

Squid cannot distinguish between:

  • https://github.com/safe-org/repo
  • https://github.com/malicious-org/repo

Both requests are allowed if github.com is whitelisted.

Security Impact

  • Data exfiltration: Malicious code can exfiltrate data to any path on allowed domains
  • Access control bypass: Cannot restrict to specific repositories, API endpoints, or paths
  • Audit limitations: Logs only show domain, not actual resource accessed

Code Locations

  • src/squid-config.ts:108-120 - ACL rules only match dstdomain
  • Squid config uses http_access allow based on domain only

Proposed Solution

Enable Squid SSL Bump

  1. Generate per-session CA certificate (for security):
// Generate self-signed CA valid for 1 day only
openssl req -new -newkey rsa:2048 -days 1 -nodes -x509 \
  -subj "/CN=AWF Session CA" \
  -keyout ${workDir}/ca-key.pem -out ${workDir}/ca-cert.pem
  1. Configure Squid SSL Bump (src/squid-config.ts):
http_port 3128 ssl-bump \
  cert=/etc/squid/ca-cert.pem \
  key=/etc/squid/ca-key.pem \
  generate-host-certificates=on \
  dynamic_cert_mem_cache_size=4MB

acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump allowed_domains
ssl_bump terminate all
  1. Inject CA into agent container:
COPY ca-cert.pem /usr/local/share/ca-certificates/awf-ca.crt
RUN update-ca-certificates
  1. Add URL path ACLs:
acl allowed_urls url_regex ^https://github\.com/githubnext/
http_access allow allowed_urls
http_access deny all

Security Considerations

  • CA key stays in tmpfs only (never persisted)
  • Generated per-session, unique to each execution
  • Private key never written to logs
  • Certificate valid for 1 day maximum
  • Users should be informed that HTTPS traffic is inspected

Files to Modify

  • src/squid-config.ts - Add SSL Bump configuration
  • containers/squid/Dockerfile - Ensure OpenSSL tools available
  • containers/agent/Dockerfile - CA certificate injection
  • New: src/ssl-bump.ts - CA generation utilities

Testing

Add test cases:

  • URL path filtering for HTTPS works
  • CA injection successful
  • CA key not exposed in logs
  • Self-signed cert handling
  • Certificate chain validation

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions