mirror of
https://github.com/harivansh-afk/sandbox-agent.git
synced 2026-04-16 04:02:01 +00:00
feat: [US-041] - Restrict crawl endpoint to http/https schemes only
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Nathan Flurry
parent
1bd7ef9219
commit
a9629c91ea
5 changed files with 151 additions and 13 deletions
|
|
@ -670,7 +670,7 @@
|
|||
"Tests pass"
|
||||
],
|
||||
"priority": 41,
|
||||
"passes": false,
|
||||
"passes": true,
|
||||
"notes": "SECURITY: file:// URLs combined with --no-sandbox Chromium lets anyone read arbitrary files via the crawl endpoint. The crawl link filter explicitly allows file:// scheme and extract_links collects file: hrefs."
|
||||
},
|
||||
{
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue