mirror of
https://github.com/aaif-goose/goose.git
synced 2026-07-03 14:10:03 +02:00
86e0ced494
The ACP transport (/acp) is served on loopback and, in CLI mode, is unauthenticated while being able to spawn shells via the default `developer` builtin. Its CORS layer used `allow_origin(Any)`, returning `Access-Control-Allow-Origin: *` to any origin. This let a malicious website the victim visits drive the agent from the browser (CSRF -> RCE). See CWE-942. Replace the wildcard with an origin predicate that only permits origins legitimate local clients use: - `null` (Electron file:// renderer) - loopback origins (localhost, 127.0.0.1, ::1) on any scheme/port Arbitrary web origins, including look-alikes like localhost.evil.example, are rejected. Also gate the test-only `clear_env` builder behind the `aws-providers` feature (its only call sites), fixing a dead-code clippy warning that blocked `cargo clippy --all-targets -- -D warnings`. Fixes project-loupe/audit-goose#2