Skip to content

fix(security): code quality ΓÇö XSS, Rust panics, example warnings (#4)#1139

Closed
imran-siddique wants to merge 4 commits into
microsoft:mainfrom
imran-siddique:fix/security-audit-comprehensive
Closed

fix(security): code quality ΓÇö XSS, Rust panics, example warnings (#4)#1139
imran-siddique wants to merge 4 commits into
microsoft:mainfrom
imran-siddique:fix/security-audit-comprehensive

Conversation

@imran-siddique
Copy link
Copy Markdown
Member

@imran-siddique imran-siddique commented Apr 15, 2026

Branch: fix/security-audit-comprehensive (4 commits ahead of main)

Commits

4fa525e fix(security): code quality ΓÇö XSS, Rust panics, example warnings (#4)
e5b8843 fix(security): Docker/infra hardening ΓÇö CORS, Grafana, .dockerignore, CODEOWNERS (#3)
0716f10 fix(security): supply chain hardening ΓÇö dep confusion, lockfiles, Dockerfile digest (#2)
7a916f6 fix(security): eliminate CI injection vectors and pin actions (#1)

imran-siddique and others added 4 commits April 1, 2026 16:12
@imran-siddique
fix(security): eliminate CI injection vectors and pin actions (#1)
7a916f6 
- Move all github.event.* expressions from run: to env: blocks (CWE-94)
  - spell-check.yml: changed_files via env var
  - markdown-link-check.yml: changed_files via temp file input
  - ai-spec-drafter.yml: issue.number via env var
  - ai-test-generator.yml: pull_request.number via env var
  - ai-release-notes.yml: release.tag_name via env var
  - sbom.yml: release.tag_name via env var
- Redact secret scanner output to prevent secret leaks to CI logs (CWE-200)
- SHA-pin dtolnay/rust-toolchain (the only unpinned action) (CWE-829)
- Add missing permissions: block to markdown-link-check.yml (CWE-250)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@imran-siddique
fix(security): supply chain hardening — dep confusion, lockfiles, Doc…
0716f10 
…kerfile digest (#2)

- Fix dependency confusion: replace agent-primitives==0.1.0 with local
  file references in scak and iatp requirements.txt (CWE-427)
- Pin root Dockerfile base image to SHA digest (CWE-829)
- Generate missing package-lock.json for 4 npm packages (CWE-829):
  mcp-proxy, api, chrome extension, mastra-agentmesh
- Remove unsafe npm ci || npm install fallback in ESRP pipeline (CWE-829)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@imran-siddique
fix(security): Docker/infra hardening — CORS, Grafana, .dockerignore,…
e5b8843 
… CODEOWNERS (#3)

- Replace hardcoded Grafana admin passwords with env var refs in 7
  docker-compose files (CWE-798)
- Replace wildcard CORS allow_origins=[*] with env-driven origins
  in 6 production services (CWE-942)
- Add secret exclusion patterns (.env, *.key, *.pem, *.p12) to root
  and caas .dockerignore files (CWE-532)
- Add security contact, supported versions, and 90-day disclosure
  policy to SECURITY.md (CWE-693)
- Add CODEOWNERS rules for scripts/, Dockerfile, docker-compose*,
  .dockerignore, .clusterfuzzlite/ (CWE-862)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@imran-siddique
fix(security): code quality — XSS, Rust panics, example warnings (#4)
4fa525e 
- Replace innerHTML with safe DOM APIs (textContent, createElement)
  in PolicyEditorPanel.ts and MetricsDashboardPanel.ts (CWE-79)
- Add HTML entity escaping for violation names in metrics dashboard
- Replace .unwrap() with .expect() on production RwLock/Mutex calls
  in policy.rs for clearer panic messages (CWE-252)
- Add INTENTIONALLY INSECURE warnings to test fixture code in
  github-reviewer example to prevent copy-paste propagation

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@imran-siddique imran-siddique deleted the fix/security-audit-comprehensive branch April 15, 2026 04:48
@github-actions github-actions Bot added documentation Improvements or additions to documentation dependencies Pull requests that update a dependency file agent-mesh agent-mesh package agent-hypervisor agent-hypervisor package agent-sre agent-sre package ci/cd CI/CD and workflows security Security-related issues integration/mastra-agentmesh size/XL Extra large PR (500+ lines) labels Apr 15, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 15, 2026

🤖 AI Agent: docs-sync-checker — Issues Found

📝 Documentation Sync Report

Issues Found

  1. create_app() in packages/agent-hypervisor/src/hypervisor/api/server.py — missing docstring. This is a public function and should include a docstring explaining its purpose, parameters, and return values.
  2. ⚠️ packages/agent-hypervisor/README.md — no updates to reflect the new CORS_ALLOWED_ORIGINS environment variable. This change should be documented in the README under configuration or setup instructions.
  3. ⚠️ CHANGELOG.md — no entry for the changes related to CORS_ALLOWED_ORIGINS or other security updates (e.g., .env exclusions in .dockerignore).
  4. ⚠️ Example code in packages/agent-hypervisor/examples/docker-compose/app/server.py — updated CORS_ALLOWED_ORIGINS behavior is not explained in the example's comments or documentation.

Suggestions

  • 💡 Add a docstring for create_app() in packages/agent-hypervisor/src/hypervisor/api/server.py. Example: 
    def create_app() -> FastAPI:
    """
    Creates and configures the FastAPI application.

    Returns:
        FastAPI: The configured FastAPI application instance.
    """
  • 💡 Update packages/agent-hypervisor/README.md to include a section on configuring CORS_ALLOWED_ORIGINS via environment variables.
  • 💡 Add an entry to CHANGELOG.md summarizing the changes: 
    ### Security
- Added support for configuring `CORS_ALLOWED_ORIGINS` via environment variables.
- Updated `.dockerignore` to exclude sensitive files like `.env`, `.key`, and `secrets/`.
  • 💡 Add comments in packages/agent-hypervisor/examples/docker-compose/app/server.py explaining the purpose of CORS_ALLOWED_ORIGINS and how to configure it.

Type Hints

  • The create_app() function already has a return type hint (-> FastAPI), so no additional type hints are needed.

Overall Assessment

The PR introduces important security and configuration changes, but the documentation and examples need updates to reflect these changes. Additionally, a missing docstring for a public function needs to be addressed.

Let me know if you need further assistance!

github-actions[bot]
github-actions Bot reviewed Apr 15, 2026
View reviewed changes
Copy link
Copy Markdown

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 AI Agent: code-reviewer

Review Summary

This pull request introduces several security-focused improvements, including hardening Docker configurations, addressing potential vulnerabilities, and enhancing code quality. Below are the detailed observations and recommendations based on the changes made.

Security Issues

  1. CORS Configuration:

    • The change to use environment variables for allow_origins in the CORS middleware is a positive step towards preventing Cross-Site Scripting (XSS) attacks. However, ensure that the environment variable is properly validated to prevent misconfiguration.
    • Recommendation: Implement a whitelist of allowed origins and validate the input to ensure it does not allow unintended origins. This is crucial to mitigate potential XSS attacks.
    • Flag: 💡 SUGGESTION

  2. Secret Management:

    • The addition of .dockerignore entries to exclude sensitive files (like .env, .key, etc.) from the Docker build context is commendable. This helps prevent accidental exposure of secrets.
    • Recommendation: Ensure that secrets are managed securely throughout the application lifecycle, including during development and deployment.
    • Flag: 💡 SUGGESTION

  3. Potential Secrets Exposure:

    • The modification in secret-scanning.yml to redact potential secrets in the output is a good practice. However, ensure that the scanning tool is comprehensive and regularly updated to catch new patterns.
    • Recommendation: Consider integrating automated secret scanning tools in the CI pipeline to catch secrets before they are committed.
    • Flag: 💡 SUGGESTION

Code Quality and Best Practices

  1. Dockerfile Hardening:

    • Pinning the Python version in the Dockerfile to a specific digest is a good practice as it ensures consistency and security. However, consider regularly updating the base image to include security patches.
    • Recommendation: Set up a process to regularly review and update the base images used in Dockerfiles.
    • Flag: 💡 SUGGESTION

  2. Thread Safety:

    • There are no explicit changes related to thread safety in this PR. Ensure that any shared resources in the application are properly synchronized to avoid race conditions, especially in concurrent agent execution scenarios.
    • Recommendation: Review the codebase for potential thread safety issues, particularly in shared state management.
    • Flag: 💡 SUGGESTION

  3. Type Safety and Pydantic Validation:

    • Ensure that all data models using Pydantic are thoroughly validated. This is crucial for maintaining type safety and preventing unexpected behavior.
    • Recommendation: Review all Pydantic models for proper validation rules and types.
    • Flag: 💡 SUGGESTION

Potential Breaking Changes

  1. CORS Configuration Change:
    • Changing the allow_origins from ["*"] to a dynamic list based on environment variables could lead to breaking changes if not properly managed. If the environment variable is not set, it defaults to localhost origins, which may not be the intended behavior in all environments.
    • Recommendation: Document this change clearly and ensure that users are aware of the need to set the CORS_ALLOWED_ORIGINS environment variable.
    • Flag: 🟡 WARNING

Conclusion

Overall, the changes in this pull request significantly enhance the security posture of the agent-governance-toolkit. However, attention should be given to validating configurations, managing secrets, and ensuring thread safety. The recommendations provided aim to further strengthen the security and reliability of the library.

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 15, 2026

🤖 AI Agent: test-generator — `packages/agent-hypervisor/src/hypervisor/api/server.py`

🧪 Test Coverage Analysis

packages/agent-hypervisor/src/hypervisor/api/server.py

  • Existing coverage:
    • Basic functionality of the create_app function.
    • Middleware integration, including CORSMiddleware.
  • Missing coverage:
    • Validation of the CORS_ALLOWED_ORIGINS environment variable.
    • Edge cases for malformed or empty CORS_ALLOWED_ORIGINS values.
    • Scenarios where CORS_ALLOWED_ORIGINS contains invalid URLs or unexpected formats.
  • 💡 Suggested test cases:
    1. test_cors_allowed_origins_env_variable — Ensure the application correctly parses and applies the CORS_ALLOWED_ORIGINS environment variable when set.
    2. test_cors_allowed_origins_empty — Verify behavior when CORS_ALLOWED_ORIGINS is an empty string.
    3. test_cors_allowed_origins_invalid_format — Test the application's response to invalid or malformed URLs in CORS_ALLOWED_ORIGINS.
    4. test_cors_default_fallback — Confirm that the default fallback (http://localhost:3000,http://localhost:8080) is applied when the environment variable is unset.

packages/agent-os/src/agent_os/server/app.py

  • Existing coverage:
    • Core application initialization and routing.
    • Basic middleware integration.
  • Missing coverage:
    • No changes were made to this file in the provided diff, so no new missing coverage was introduced.
  • 💡 Suggested test cases:
    • No new test cases are required for this file based on the current diff.

packages/agent-sre/src/agent_sre/api/server.py

  • Existing coverage:
    • Core API server initialization.
    • Basic endpoint functionality.
  • Missing coverage:
    • No changes were made to this file in the provided diff, so no new missing coverage was introduced.
  • 💡 Suggested test cases:
    • No new test cases are required for this file based on the current diff.

General Observations

  1. Policy Evaluation: No policy evaluation logic was modified in the provided diff.
  2. Trust Scoring: No trust scoring logic was modified in the provided diff.
  3. Chaos Experiments: No chaos-related logic was modified in the provided diff.
  4. Concurrency: No concurrency-related logic was modified in the provided diff.
  5. Input Validation: The changes to CORS_ALLOWED_ORIGINS introduce potential input validation concerns, as noted in the suggested test cases.

Summary

The primary focus for new test cases should be on the changes to packages/agent-hypervisor/src/hypervisor/api/server.py, specifically around the handling of the CORS_ALLOWED_ORIGINS environment variable. The other files did not have relevant changes that impact test coverage.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

No one assigned

Labels

agent-hypervisor agent-hypervisor package agent-mesh agent-mesh package agent-sre agent-sre package ci/cd CI/CD and workflows dependencies Pull requests that update a dependency file documentation Improvements or additions to documentation integration/mastra-agentmesh security Security-related issues size/XL Extra large PR (500+ lines)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@imran-siddique