π‘οΈ Sentinel: [CRITICAL] Fix interactive readline DoS vulnerability#137
π‘οΈ Sentinel: [CRITICAL] Fix interactive readline DoS vulnerability#137seonghobae wants to merge 4 commits into
Conversation
In interactive sessions, `readline()` historically relied on a weak regex `^[0-9]+$` to validate input. This permitted arbitrarily large strings, which coerced to `NA_integer_` and broke conditionals, resulting in crashes. The regex was strictly bounded to `^[12]$` ensuring only correct menu selections are permitted. Included `mockery` coverage for testing.
|
π Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a π emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
There was a problem hiding this comment.
Pull request overview
OpenCode cannot approve yet because required coverage evidence did not pass.
Review outcome
1. HIGH .github/workflows/opencode-review.yml:1 - Coverage evidence did not prove required test/docstring evidence
-
Problem: The required coverage-evidence job result was
failure, so OpenCode cannot establish approval sufficiency for this head. -
Root cause: Automated approval is only valid when the same-head coverage-evidence job proves supported repository test suites passed and configured docstring gates passed or were advisory, or reports not applicable because no supported source files or package manifests exist. Missing, failed, skipped, unavailable, or unsupported-tooling test evidence is a blocker.
-
Fix: Install or configure the repository test/docstring evidence tooling when source files or package manifests exist, rerun the current-head coverage-evidence job, and approve only after it reports
successwith required evidence or explicit no-source not-applicable evidence. -
Regression test: Keep the approval branch checking
needs.coverage-evidence.result == successbefore posting APPROVE, and publish REQUEST_CHANGES when coverage-evidence blocker states such as cancelled, skipped, failed, unsupported-tooling, or below-100 evidence are present. -
Result: REQUEST_CHANGES
-
Reason: coverage-evidence result was
failure, so required test/docstring evidence was not proven for current headdc8cee52529b187e24d0d040e37055c22a1bbb11. -
Head SHA:
dc8cee52529b187e24d0d040e37055c22a1bbb11 -
Workflow run: 29348137515
-
Workflow attempt: 1
Coverage evidence
Coverage Decision
- Result: FAIL
- Test evidence: not proven passing
- Docstring evidence: not proven passing when configured
- Failure count: 1
Changed-File Evidence Map
flowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Changed file (2 files)"]
S1 --> I1["repository behavior"]
I1 --> R1["Review risk: Changed file (2 files)"]
R1 --> V1["required checks"]
Evidence --> S2["Test: test-sentinel-validation.R"]
S2 --> I2["regression suite"]
I2 --> R2["Review risk: Test: test-sentinel-validation.R"]
R2 --> V2["targeted test run"]
OpenCode Review Overview
Pull request overviewOpenCode cannot approve yet because required coverage evidence did not pass. Review outcome1. HIGH .github/workflows/opencode-review.yml:1 - Coverage evidence did not prove required test/docstring evidence
Coverage evidenceCoverage Decision
Changed-File Evidence Mapflowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Changed file (3 files)"]
S1 --> I1["repository behavior"]
I1 --> R1["Review risk: Changed file (3 files)"]
R1 --> V1["required checks"]
Evidence --> S2["Test: test-sentinel-validation.R"]
S2 --> I2["regression suite"]
I2 --> R2["Review risk: Test: test-sentinel-validation.R"]
R2 --> V2["targeted test run"]
|
In interactive sessions, `readline()` historically relied on a weak regex `^[0-9]+$` to validate input. This permitted arbitrarily large strings, which coerced to `NA_integer_` and broke conditionals, resulting in crashes. The regex was strictly bounded to `^[12]$` ensuring only correct menu selections are permitted. Included `mockery` coverage for testing. Added mockery to Suggests in DESCRIPTION to satisfy R CMD check constraints.
There was a problem hiding this comment.
Pull request overview
OpenCode cannot approve yet because required coverage evidence did not pass.
Review outcome
1. HIGH .github/workflows/opencode-review.yml:1 - Coverage evidence did not prove required test/docstring evidence
-
Problem: The required coverage-evidence job result was
failure, so OpenCode cannot establish approval sufficiency for this head. -
Root cause: Automated approval is only valid when the same-head coverage-evidence job proves supported repository test suites passed and configured docstring gates passed or were advisory, or reports not applicable because no supported source files or package manifests exist. Missing, failed, skipped, unavailable, or unsupported-tooling test evidence is a blocker.
-
Fix: Install or configure the repository test/docstring evidence tooling when source files or package manifests exist, rerun the current-head coverage-evidence job, and approve only after it reports
successwith required evidence or explicit no-source not-applicable evidence. -
Regression test: Keep the approval branch checking
needs.coverage-evidence.result == successbefore posting APPROVE, and publish REQUEST_CHANGES when coverage-evidence blocker states such as cancelled, skipped, failed, unsupported-tooling, or below-100 evidence are present. -
Result: REQUEST_CHANGES
-
Reason: coverage-evidence result was
failure, so required test/docstring evidence was not proven for current headfcb2e89dc58042930e7fd168ae8364878ea542da. -
Head SHA:
fcb2e89dc58042930e7fd168ae8364878ea542da -
Workflow run: 29348849961
-
Workflow attempt: 1
Coverage evidence
Coverage Decision
- Result: FAIL
- Test evidence: not proven passing
- Docstring evidence: not proven passing when configured
- Failure count: 1
Changed-File Evidence Map
flowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Changed file (3 files)"]
S1 --> I1["repository behavior"]
I1 --> R1["Review risk: Changed file (3 files)"]
R1 --> V1["required checks"]
Evidence --> S2["Test: test-sentinel-validation.R"]
S2 --> I2["regression suite"]
I2 --> R2["Review risk: Test: test-sentinel-validation.R"]
R2 --> V2["targeted test run"]
In interactive sessions, `readline()` historically relied on a weak regex `^[0-9]+$` to validate input. This permitted arbitrarily large strings, which coerced to `NA_integer_` and broke conditionals, resulting in crashes. The regex was strictly bounded to `^[12]$` ensuring only correct menu selections are permitted. Included `mockery` coverage for testing. Added mockery to Suggests in DESCRIPTION to satisfy R CMD check constraints and also regenerated documentation with `devtools::document()`.
There was a problem hiding this comment.
Pull request overview
OpenCode cannot approve yet because required coverage evidence did not pass.
Review outcome
1. HIGH .github/workflows/opencode-review.yml:1 - Coverage evidence did not prove required test/docstring evidence
-
Problem: The required coverage-evidence job result was
failure, so OpenCode cannot establish approval sufficiency for this head. -
Root cause: Automated approval is only valid when the same-head coverage-evidence job proves supported repository test suites passed and configured docstring gates passed or were advisory, or reports not applicable because no supported source files or package manifests exist. Missing, failed, skipped, unavailable, or unsupported-tooling test evidence is a blocker.
-
Fix: Install or configure the repository test/docstring evidence tooling when source files or package manifests exist, rerun the current-head coverage-evidence job, and approve only after it reports
successwith required evidence or explicit no-source not-applicable evidence. -
Regression test: Keep the approval branch checking
needs.coverage-evidence.result == successbefore posting APPROVE, and publish REQUEST_CHANGES when coverage-evidence blocker states such as cancelled, skipped, failed, unsupported-tooling, or below-100 evidence are present. -
Result: REQUEST_CHANGES
-
Reason: coverage-evidence result was
failure, so required test/docstring evidence was not proven for current headc0b5298be5feb4f4c3bee1158c58196b53f8ff27. -
Head SHA:
c0b5298be5feb4f4c3bee1158c58196b53f8ff27 -
Workflow run: 29350278170
-
Workflow attempt: 1
Coverage evidence
Coverage Decision
- Result: FAIL
- Test evidence: not proven passing
- Docstring evidence: not proven passing when configured
- Failure count: 1
Changed-File Evidence Map
flowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Changed file (3 files)"]
S1 --> I1["repository behavior"]
I1 --> R1["Review risk: Changed file (3 files)"]
R1 --> V1["required checks"]
Evidence --> S2["Test: test-sentinel-validation.R"]
S2 --> I2["regression suite"]
I2 --> R2["Review risk: Test: test-sentinel-validation.R"]
R2 --> V2["targeted test run"]
In interactive sessions, `readline()` historically relied on a weak regex `^[0-9]+$` to validate input. This permitted arbitrarily large strings, which coerced to `NA_integer_` and broke conditionals, resulting in crashes. The regex was strictly bounded to `^[12]$` ensuring only correct menu selections are permitted. Included `mockery` coverage for testing. Added mockery to Suggests in DESCRIPTION to satisfy R CMD check constraints and also regenerated documentation with `devtools::document()`. Reverting an accidental `RoxygenNote` change to fix coverage-evidence failure.
There was a problem hiding this comment.
Pull request overview
OpenCode cannot approve yet because required coverage evidence did not pass.
Review outcome
1. HIGH .github/workflows/opencode-review.yml:1 - Coverage evidence did not prove required test/docstring evidence
-
Problem: The required coverage-evidence job result was
failure, so OpenCode cannot establish approval sufficiency for this head. -
Root cause: Automated approval is only valid when the same-head coverage-evidence job proves supported repository test suites passed and configured docstring gates passed or were advisory, or reports not applicable because no supported source files or package manifests exist. Missing, failed, skipped, unavailable, or unsupported-tooling test evidence is a blocker.
-
Fix: Install or configure the repository test/docstring evidence tooling when source files or package manifests exist, rerun the current-head coverage-evidence job, and approve only after it reports
successwith required evidence or explicit no-source not-applicable evidence. -
Regression test: Keep the approval branch checking
needs.coverage-evidence.result == successbefore posting APPROVE, and publish REQUEST_CHANGES when coverage-evidence blocker states such as cancelled, skipped, failed, unsupported-tooling, or below-100 evidence are present. -
Result: REQUEST_CHANGES
-
Reason: coverage-evidence result was
failure, so required test/docstring evidence was not proven for current head7666e6484e993f1276e928ccee7aa334eb603513. -
Head SHA:
7666e6484e993f1276e928ccee7aa334eb603513 -
Workflow run: 29351801405
-
Workflow attempt: 1
Coverage evidence
Coverage Decision
- Result: FAIL
- Test evidence: not proven passing
- Docstring evidence: not proven passing when configured
- Failure count: 1
Changed-File Evidence Map
flowchart LR
PR["PR changed files"] --> Evidence["OpenCode bounded evidence"]
Evidence --> S1["Changed file (3 files)"]
S1 --> I1["repository behavior"]
I1 --> R1["Review risk: Changed file (3 files)"]
R1 --> V1["required checks"]
Evidence --> S2["Test: test-sentinel-validation.R"]
S2 --> I2["regression suite"]
I2 --> R2["Review risk: Test: test-sentinel-validation.R"]
R2 --> V2["targeted test run"]
π¨ Severity: CRITICAL
π‘ Vulnerability:
aFIPC.RνμΌ λ΄μμ μ¬μ©μ μ λ ₯μ λ°λ λνν(interactive) ν¨μ(readline)μ μ μ©λ μ λ ₯ μ ν¨μ± κ²μ¬ μ κ·μμ΄^[0-9]+$λ‘ λμ¨νκ² μμ±λμ΄ μμμ΅λλ€. μ΄λ₯Ό ν΅ν΄ μ μμ μΌλ‘ ν° μ«μ (μ:"99999999999999999999")κ° μ λ ₯λ κ²½μ°,as.integer()λ³ν μNAκ° λ°νλμ΄ λΆκΈ°λ¬Έ(if)μ΄ κΉ¨μ§κ³ νλ‘μΈμ€κ° ν¬λμ(condition has length > 1)λλ DoS(μλΉμ€ κ±°λΆ) μ·¨μ½μ μ΄ λ°μν μ μμμ΅λλ€.π― Impact: μλνλ μμ€ν μ΄κ±°λ νΉμ μ μμ μ¬μ©μ νκ²½μμ ν° κ°μ΄ μ λ ₯λ κ²½μ° λ¬΄ν 루ν λλ ν¬λμλ₯Ό μ λ°νμ¬ μ ν리μΌμ΄μ μ μ μμ μΈ μλμ λ§λΉμν¬ μ μμ΅λλ€.
π§ Fix:
checkCorrect(),checkoldformBILOGprior(),checknewformBILOGprior()3κ³³μμ μ¬μ©νλ μ κ·μμ^[12]$λ‘ μ격νκ² μμ νμ¬ μ€μ§ '1' λλ '2'λ§ μ λ ₯ κ°λ₯νλλ‘ μ ννμ΅λλ€.β Verification: μμ ν
mockeryλΌμ΄λΈλ¬λ¦¬λ₯Ό μ΄μ©νμ¬readline()νΈμΆμ "99999999999999999999" λ±μ μ½μ νμ λ μλλ λλ‘ μ¬μλ λ° κ±°λΆκ° λ°μνλμ§ κ²μ¦νλ ν μ€νΈ μ½λ(test-sentinel-validation.R)λ₯Ό μΆκ°νμΌλ©°, μ 체 ν μ€νΈ(58건)κ° μ±κ³΅μ μΌλ‘ ν΅κ³Όν¨μ νμΈνμ΅λλ€. (Rscript -e 'devtools::test()')PR created automatically by Jules for task 11118553040042817305 started by @seonghobae