-
Notifications
You must be signed in to change notification settings - Fork 1
gate: fix script context leakage and empty envelope parsing #56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -94,9 +94,19 @@ func parseWrkrInventory(content []byte) (map[string]WrkrToolMetadata, error) { | |
| } | ||
|
|
||
| entries := []item{} | ||
| var wrapped envelope | ||
| if err := json.Unmarshal(content, &wrapped); err == nil && len(wrapped.Items) > 0 { | ||
| entries = wrapped.Items | ||
| var wrappedRaw map[string]json.RawMessage | ||
| if err := json.Unmarshal(content, &wrappedRaw); err == nil { | ||
| if rawItems, ok := wrappedRaw["items"]; ok { | ||
| var wrapped envelope | ||
| if err := json.Unmarshal(rawItems, &wrapped.Items); err != nil { | ||
| return nil, fmt.Errorf("parse wrkr inventory: %w", err) | ||
| } | ||
| entries = wrapped.Items | ||
|
Comment on lines
+101
to
+104
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
This branch now accepts Useful? React with 👍 / 👎. |
||
| } else { | ||
| if err := json.Unmarshal(content, &entries); err != nil { | ||
| return nil, fmt.Errorf("parse wrkr inventory: %w", err) | ||
| } | ||
| } | ||
| } else { | ||
| if err := json.Unmarshal(content, &entries); err != nil { | ||
| return nil, fmt.Errorf("parse wrkr inventory: %w", err) | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
entriesis an array in registry envelopeThis parsing path also treats
{"entries":null}as valid because unmarshallingnullinto a slice returns no error, so invalid registry content is silently normalized to an empty set.cmd/gait/gate.goonly enters its fail-closed path for configured approved-script registries whenReadApprovedScriptRegistryreturns an error, so malformed registry state no longer surfaces as an unavailable/invalid registry in high-risk or oss-prod contexts.Useful? React with 👍 / 👎.