All 3 cloud models converged on a real access-control bug; fixed it + the other genuine findings (the false-positives were dropped):

Security (HIGH — all 3 models):
- create_file_url skipped ValidateScope: a same-skill caller could mint a PUBLIC url for a file scoped to another user/run. Now runs ValidateScope (admin-aware), skipped only for the descendant-grant case — mirroring the read tools.

Other real fixes:
- ValidateScope hard-coded `false` at every call site (admin branch dead) -> pass inv.CallerIsAdmin (the executor sets it via the host AdminPolicy; still false/fail-closed when no admin). Stale "no admin flag" comment corrected.
- create_file_url: ExpiresInSeconds clamped BEFORE the *time.Second multiply (huge values overflowed to a negative duration that slipped under the cap, minting already-expired tokens); swallowed json.Marshal error now returned.
- RegisterMeta: build the default budget WITH the configured MaxPerRun (was NewInMemorySearchBudget(nil) -> hardcoded 10, ignoring MetaDeps.MaxPerRun).
- classify: all-zero scores no longer return a false-positive top-1 winner; coerceClassifyScore uses strconv.ParseFloat (rejects trailing garbage like "50extra" that fmt.Sscanf silently accepted).
- file_delete: honor the descendant grant (parent can clean up a worker's artifacts) — was the lone cross-skill-reject-outright file tool.
- meta tools: input caps truncate at a UTF-8 rune boundary (truncateUTF8), not mid-rune.
- think: removed the dead `var _ = fmt.Errorf` import-keeper; file_save default aligned to 16 MiB (matched RegisterStore).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@@ -198,7 +198,7 @@ func loadSummarizeInput(ctx context.Context, inv tool.Invocation, args summarize
|
||||
if meta.SkillID != inv.SkillID {
|
||||
return "", false, fmt.Errorf("summarize: file does not belong to this skill")
|
||||
}
|
||||
if err := ValidateScope(inv, meta.Scope, false); err != nil {
|
||||
if err := ValidateScope(inv, meta.Scope, inv.CallerIsAdmin); err != nil {
|
||||
return "", false, fmt.Errorf("summarize: %w", err)
|
||||
}
|
||||
return capInput(string(content))
|
||||
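Review bot: the only change in this hunk is `false` -> `inv.CallerIsAdmin` in the ValidateScope call, which makes the admin branch of ValidateScope reachable from summarize for the first time; the hunk does not show where CallerIsAdmin is set, so the tool's test should construct an Invocation from caller-supplied arguments alone, assert that CallerIsAdmin is false and that the `summarize: %w` scope error is still returned, and separately assert that the same-skill check on the line above (`meta.SkillID != inv.SkillID`) still rejects an admin caller, since admin-aware scope validation does not relax that check.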
@@ -210,7 +210,7 @@ func capInput(text string) (string, bool, error) {
|
||||
if len(text) <= summarizeMaxInputBytes {
|
||||
return text, false, nil
|
||||
}
|
||||
return text[:summarizeMaxInputBytes], true, nil
|
||||
return truncateUTF8(text, summarizeMaxInputBytes), true, nil
|
||||
}
|
||||
|
||||
// buildSummarizePrompt composes the user message handed to the LLM.
|
||||
|
||||
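Review bot: `truncateUTF8(text, summarizeMaxInputBytes)` replaces the raw slice `text[:summarizeMaxInputBytes]`, but the guard two lines above still compares `len(text)` in bytes, so the change is only correct if truncateUTF8 guarantees len(result) <= summarizeMaxInputBytes by backing up to the previous rune boundary rather than rounding forward past it; truncateUTF8 is not in this hunk, so add a test that feeds a string whose cap falls inside a multi-byte rune and asserts both utf8.ValidString(result) and len(result) <= summarizeMaxInputBytes, and document what the function does for input that is already invalid UTF-8 (the old slice passed such bytes through unchanged). The truncated flag is `true` in both versions, so callers of capInput see no interface change.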