security: validate PERCY_CLI_API to loopback (PER-8913/8917/8918/8919, mitigates 8914)#239
Open
Shivanshu-07 wants to merge 1 commit into
…, mitigates 8914)

PERCY_CLI_API was read from the environment with no validation and used as the base for every outbound call, as the source of the @percy/dom script injected and executed in the browser (incl. into cross-origin iframes), and its healthcheck response drives the session-type auth gate. An attacker-controlled value enables SSRF, CLI-fetched-JS code execution, and an auth-gate bypass.

Add _resolve_cli_api_address(): loopback-only by default (localhost/127.0.0.1/::1); a remote host is allowed only over HTTPS with an explicit PERCY_ALLOW_REMOTE_CLI_API opt-in, otherwise warn and fall back to http://localhost:5338.

This one root fix covers: PER-8919 (CWE-918 SSRF), PER-8913 (CWE-306 session-gate bypass via attacker CLI URL), PER-8917 (CWE-494 externally-fetched JS without integrity), PER-8918 (CWE-79 unverified script injected into cross-origin iframe — source now loopback-only), and mitigates PER-8914 (the lru-cached DOM script can now only be fetched from the trusted local CLI).

Adds unit tests for the validator (loopback allow, remote/link-local reject, https opt-in). Note: option payloads are already JSON-encoded via json.dumps, so they are not string-interpolated into execute_script.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Summary
Five High runtime findings in @percy/selenium-python (deadline 2026-06-22) share one root: an unvalidated PERCY_CLI_API.
execute_script
Root cause + fix
PERCY_CLI_API was read from the env with no validation and used as (a) the base for all outbound calls, (b) the source of the @percy/dom script injected/executed in the page (and into cross-origin iframes), and (c) the origin of the healthcheck that drives the session-type auth gate. A hostile value is therefore SSRF + CLI-fetched-JS RCE + auth-gate bypass.

Added _resolve_cli_api_address(): loopback-only (localhost/127.0.0.1/::1) by default; a remote host is allowed only over HTTPS with an explicit PERCY_ALLOW_REMOTE_CLI_API opt-in; otherwise it warns and falls back to http://localhost:5338.

Because the injected DOM script and the cached script can now only come from a loopback CLI, this single fix closes 8919/8913/8917/8918 and mitigates 8914 (the lru-cached script is now trusted-source).
Verification
169.254.169.254 reject; https opt-in). Added a TestResolveCliApiAddress unit class.
json.dumps, so they aren't string-interpolated into execute_script.

Closes PER-8913, PER-8917, PER-8918, PER-8919; mitigates PER-8914. (The 06-22 chain tickets for this repo close once their linked components are resolved.)
🤖 Generated with Claude Code
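
The policy described in this pull request, written out as an added example (not the PR's code and not part of the original page). The names `resolve_cli_api_address` and `OPT_IN_VALUES` are hypothetical, the accepted opt-in spellings are an assumption, and rejecting userinfo and returning only the rebuilt origin are choices of this sketch:

```python
import logging
from urllib.parse import urlsplit

log = logging.getLogger("percy-cli-api-example")

DEFAULT_CLI_API = "http://localhost:5338"
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
OPT_IN_VALUES = {"1", "true", "yes"}  # assumption: accepted opt-in spellings


def _fallback(reason):
    log.warning("PERCY_CLI_API %s; using %s", reason, DEFAULT_CLI_API)
    return DEFAULT_CLI_API


def resolve_cli_api_address(env):
    """Return the origin that outbound calls and script fetches may use."""
    raw = (env.get("PERCY_CLI_API") or "").strip()
    if not raw:
        return DEFAULT_CLI_API
    try:
        parts = urlsplit(raw)
        host, port = parts.hostname, parts.port  # .port raises on a bad port
    except ValueError:
        return _fallback("is not a parseable URL")
    if parts.scheme not in ("http", "https") or not host:
        return _fallback("is not an http(s) URL")
    if parts.username is not None or parts.password is not None:
        # "http://localhost@other-host" parses with other-host as the host.
        return _fallback("contains userinfo")
    remote = host not in LOOPBACK_HOSTS
    opt_in = (env.get("PERCY_ALLOW_REMOTE_CLI_API") or "").strip().lower()
    if remote and not (parts.scheme == "https" and opt_in in OPT_IN_VALUES):
        return _fallback("points at a non-loopback host")
    # Rebuild from the parsed parts so callers use exactly what was checked.
    netloc = f"[{host}]" if ":" in host else host
    if port is not None:
        netloc += f":{port}"
    return f"{parts.scheme}://{netloc}"
```

Comparing the parsed hostname against a fixed set, rather than prefix-matching the raw string, is what rejects look-alike values such as a `localhost` userinfo prefix in front of another host.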