Skip to content

fix(security): address code scanning alerts - pin deps and fix CodeQL#740

Merged
imran-siddique merged 1 commit intomicrosoft:mainfrom
imran-siddique:fix/code-scanning-alerts
Apr 3, 2026
Merged

fix(security): address code scanning alerts - pin deps and fix CodeQL#740
imran-siddique merged 1 commit intomicrosoft:mainfrom
imran-siddique:fix/code-scanning-alerts

Conversation

@imran-siddique
Copy link
Copy Markdown
Member

@imran-siddique imran-siddique commented Apr 3, 2026

Fix Code Scanning Alerts

Addresses OpenSSF Scorecard and CodeQL alerts from code-scanning.

Scorecard PinnedDependenciesID (~65 alerts)

  • Pin pip/setuptools/wheel versions in root Dockerfile
  • Pin build, setuptools in CI workflow
  • Pin atheris in clusterfuzzlite build.sh
  • Pin cspell to exact 8.17.3 in spell-check.yml
  • Add --ignore-scripts to all npm install fallbacks
  • Annotate 11 local package installs with Scorecard comments

CodeQL (1 alert)

  • Fix py/incomplete-url-substring-sanitization in test_mcp_integration.py

@imran-siddique
fix(security): address code scanning alerts — pin deps and fix CodeQL
e6e39d3 
Scorecard PinnedDependenciesID:
- Pin pip/setuptools/wheel in root Dockerfile
- Pin build, setuptools in CI workflow
- Pin atheris in clusterfuzzlite build.sh
- Pin cspell to exact version in spell-check.yml
- Add --ignore-scripts to npm install fallbacks
- Annotate local package installs with Scorecard comments

CodeQL py/incomplete-url-substring-sanitization:
- Fix URL substring check in test_mcp_integration.py (use set equality)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@imran-siddique imran-siddique merged commit 6f23161 into microsoft:main Apr 3, 2026
19 of 21 checks passed
@github-actions github-actions bot added the size/S Small PR (< 50 lines) label Apr 3, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 3, 2026

🤖 AI Agent: security-scanner — Security Review of Pull Request

Security Review of Pull Request

This pull request addresses dependency pinning and a CodeQL alert related to URL sanitization. Below is a detailed security analysis based on the provided diff and description.

Findings

1. Dependency Pinning Improvements

  • Issue: Unpinned dependencies can lead to supply chain attacks, where malicious actors introduce vulnerabilities into upstream packages.
  • Changes:
    • Pinned versions for pip, setuptools, wheel, atheris, cspell, and other dependencies in various workflows and the Dockerfile.
    • Added --ignore-scripts to npm install commands to prevent execution of potentially malicious scripts during installation.
  • Assessment: 🔵 LOW
    • These changes improve the security posture by reducing the risk of supply chain attacks. However, there is no evidence of active exploitation or immediate risk.
  • Recommendations:
    • Ensure that all pinned versions are updated regularly to include security patches.
    • Consider using tools like dependabot to automate dependency updates and vulnerability checks.

2. CodeQL Alert: Incomplete URL Substring Sanitization

  • Issue: The test in test_mcp_integration.py was using a substring match (in) to verify the presence of a URL in client._connected_servers. This could potentially allow bypasses if an attacker injects a malicious URL that contains the target URL as a substring.
  • Changes:
    • Replaced the substring check with an exact match comparison (==) for client._connected_servers.
  • Assessment: 🟠 HIGH
    • This is a significant improvement as it mitigates a potential attack vector where an attacker could exploit the substring match to bypass URL validation.
  • Recommendations:
    • Ensure that all other URL validation logic in the codebase is similarly robust.
    • Consider adding additional tests to verify edge cases, such as URLs with query parameters or fragments.

3. Local Package Installation Comments

  • Issue: Local packages were being installed without explicit versioning, which could lead to inconsistencies or vulnerabilities if the local package dependencies are not properly pinned.
  • Changes:
    • Added comments indicating that local packages are pinned via pyproject.toml.
  • Assessment: 🔵 LOW
    • While the comments clarify the dependency pinning, they do not enforce it. If the pyproject.toml file is not properly maintained, this could still lead to issues.
  • Recommendations:
    • Regularly audit the pyproject.toml file to ensure all dependencies are appropriately pinned.
    • Consider adding automated checks to verify that all dependencies in pyproject.toml are pinned.

4. Potential for Credential Exposure in Logs

  • Issue: Several pip install and npm install commands redirect errors to /dev/null (e.g., 2>/dev/null). While this prevents sensitive information from being logged, it also suppresses potentially useful error messages.
  • Changes: No changes were made to address this issue.
  • Assessment: 🟡 MEDIUM
    • Suppressing error messages entirely can make debugging difficult and may hide critical issues. However, this is not a direct security vulnerability unless sensitive information is being logged.
  • Recommendations:
    • Use a logging mechanism that captures errors securely without exposing sensitive information.
    • Avoid suppressing all error messages; instead, filter out sensitive data explicitly.

5. Use of --ignore-scripts in npm install

  • Issue: The --ignore-scripts flag was added to npm install commands to prevent the execution of potentially malicious scripts. This is a good practice to mitigate supply chain attacks.
  • Changes:
    • Added --ignore-scripts to npm install commands in multiple workflows.
  • Assessment: 🔵 LOW
    • This change improves security by mitigating a known attack vector. However, it is important to ensure that the flag is consistently applied across all npm install commands.
  • Recommendations:
    • Verify that all npm install commands in the repository use the --ignore-scripts flag.
    • Regularly audit third-party dependencies for vulnerabilities.

Summary of Findings

Finding Severity Attack Vector Recommendation
Dependency pinning improvements 🔵 LOW Unpinned dependencies could allow malicious actors to introduce vulnerabilities into upstream packages. Regularly update pinned dependencies and consider using tools like dependabot for automation.
Incomplete URL substring sanitization 🟠 HIGH Substring matching for URLs could allow attackers to inject malicious URLs that contain the target URL as a substring. Ensure all URL validation logic uses exact matches or robust parsing. Add tests for edge cases like query parameters or fragments.
Local package installation comments 🔵 LOW Local packages are not explicitly pinned in the installation commands, relying on pyproject.toml for version constraints. Regularly audit pyproject.toml for proper dependency pinning. Add automated checks to enforce this.
Potential for credential exposure in logs 🟡 MEDIUM Redirecting errors to /dev/null suppresses potentially sensitive information but also hides useful debugging details. Use secure logging mechanisms to capture errors without exposing sensitive data. Avoid suppressing all error messages; filter sensitive data explicitly.
Use of --ignore-scripts in npm install 🔵 LOW Prevents execution of potentially malicious scripts during npm install. Ensure consistent use of --ignore-scripts across all npm install commands. Regularly audit third-party dependencies for vulnerabilities.

General Recommendations

  1. Automated Dependency Management: Use tools like dependabot or renovate to automate dependency updates and ensure that pinned versions are up-to-date.
  2. CodeQL Coverage: Expand CodeQL coverage to include other potential vulnerabilities, such as deserialization attacks or race conditions.
  3. Testing: Add tests to validate the changes made in this PR, especially for the URL sanitization fix. Ensure edge cases are covered.
  4. Documentation: Update the repository's documentation to reflect the new dependency pinning practices and security improvements.

Final Assessment

This pull request addresses several important security issues, particularly around dependency pinning and URL sanitization. While the changes improve the security posture of the project, there are still areas that could benefit from additional scrutiny and improvement. The most critical issue addressed is the URL sanitization fix, which resolves a potential policy engine circumvention vulnerability.

Overall Rating: 🟠 HIGH (due to the URL sanitization issue).

github-actions[bot]
github-actions bot reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 AI Agent: code-reviewer

Review Summary

This pull request addresses security and dependency management issues flagged by OpenSSF Scorecard and CodeQL. The changes include pinning dependencies across Dockerfiles, CI workflows, and scripts, as well as fixing a CodeQL alert related to URL substring sanitization. While the changes improve security and compliance, there are some areas that require further attention and clarification.

🔴 CRITICAL

1. Potential Sandbox Escape via pip install

  • Issue: The use of pip install -e with local packages (pip install ./packages/...) in multiple scripts and workflows could allow malicious code execution if the local package contains unsafe code. This is particularly concerning in CI environments where the source code might not be fully trusted.
  • Recommendation: Validate the integrity of local packages before installation. Consider using pip install --require-hashes with a requirements.txt file to ensure that only verified dependencies are installed.

2. Incomplete URL Sanitization Fix

  • File: packages/agent-mesh/tests/test_mcp_integration.py
  • Issue: The fix for py/incomplete-url-substring-sanitization changes the assertion but does not address the underlying issue of validating the URL format. This could allow malformed or malicious URLs to bypass security checks.
  • Recommendation: Use a robust URL validation library (e.g., validators or urllib.parse) to ensure that URLs conform to expected formats before adding them to _connected_servers.

3. Unpinned npm Dependencies

  • File: .github/workflows/ci.yml, .github/workflows/publish.yml
  • Issue: While npm install --ignore-scripts mitigates script execution risks, the lack of pinned versions for npm dependencies could introduce vulnerabilities due to unverified updates.
  • Recommendation: Pin all npm dependencies using package-lock.json or equivalent mechanisms to ensure reproducibility and security.

🟡 WARNING

1. Breaking Changes in Dependency Versions

  • File: Dockerfile, .github/workflows/ci.yml
  • Issue: Pinning specific versions of pip, setuptools, and wheel may cause compatibility issues with future updates or other dependencies.
  • Recommendation: Test the pinned versions against all supported Python versions (3.9–3.12) and document the rationale for these specific versions. Consider using a range of versions if possible.

2. Changes to Test Assertions

  • File: packages/agent-mesh/tests/test_mcp_integration.py
  • Issue: The change from assert "https://mcp.example.com:8080" in client._connected_servers to assert client._connected_servers == {"https://mcp.example.com:8080"} alters the test logic. This could lead to false negatives if _connected_servers contains additional valid entries.
  • Recommendation: Ensure that the test logic aligns with the intended behavior of the connect method. If multiple servers can be connected, the original assertion might be more appropriate.

💡 SUGGESTIONS

1. Improve Comments for Pinned Dependencies

  • Issue: Comments like # Install local package (Scorecard: pinned via pyproject.toml) are helpful but could be more informative.
  • Recommendation: Expand comments to explain why specific versions are pinned and how they address security concerns. For example: # Pinning dependencies to mitigate supply chain risks as flagged by OpenSSF Scorecard.

2. Automate Dependency Updates

  • Issue: Manually pinning dependencies can lead to outdated versions over time.
  • Recommendation: Use tools like Dependabot or Renovate to automate dependency updates while ensuring compatibility and security.

3. Add Tests for Dependency Integrity

  • Issue: Dependency pinning does not guarantee that the installed packages are free from vulnerabilities.
  • Recommendation: Integrate tools like Safety or pip-audit into CI workflows to scan for known vulnerabilities in pinned dependencies.

4. Document Security Fixes

  • Issue: The rationale for security fixes (e.g., npm install --ignore-scripts) is not documented.
  • Recommendation: Add a SECURITY.md file to the repository to document security practices and decisions.

Summary of Actions

  1. 🔴 Validate local packages before installation to prevent sandbox escape.
  2. 🔴 Implement robust URL validation in test_mcp_integration.py.
  3. 🔴 Pin npm dependencies to specific versions.
  4. 🟡 Test compatibility of pinned Python dependencies across all supported versions.
  5. 🟡 Review changes to test assertions for potential logic errors.
  6. 💡 Improve comments for pinned dependencies.
  7. 💡 Automate dependency updates using tools like Dependabot.
  8. 💡 Add tests for dependency integrity using tools like Safety.
  9. 💡 Document security fixes in a SECURITY.md file.

Let me know if you need further clarification or assistance!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

No one assigned

Labels

size/S Small PR (< 50 lines)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@imran-siddique