
fix: harden SFTP host verification and Electron windows #1

Merged
tomertec merged 2 commits into main from fix/security-hardening-and-roadmap on Apr 12, 2026

Conversation

@tomertec

Owner

Summary

  • SFTP drag-out path traversal protection — sanitizes filenames to reject ../, path separators, and control characters
  • Renderer URL allowlisting — only permits file:// and localhost origins for the renderer
  • Navigation & popup guards — will-navigate blocks cross-origin navigation, setWindowOpenHandler denies all popups
  • BrowserWindow sandbox — enables sandbox: true on both main and editor windows
  • SFTP host key verification — passes trusted fingerprints from the DB to ssh2's hostVerifier callback (SHA256)
  • Platform-agnostic test fix — drag-out security test uses path.resolve/path.join instead of hardcoded Unix paths

Test plan

  • pnpm build passes
  • All new security unit tests pass (windowSecurity, sftpIpc.security, sftpTransport.security)
  • Existing main.lifecycle tests updated and passing
  • Manual: launch app, verify SFTP browsing and file editor work with sandbox enabled
  • Manual: verify window.open() is blocked in DevTools console
  • Manual: SFTP drag-out to desktop still works for normal filenames

🤖 Generated with Claude Code

Tomer Vaknin and others added 2 commits April 11, 2026 23:32
Add SftpStatusBar component showing folder/file count and total size
per pane, with selection-aware stats. Implement click-and-drag range
selection in FileList by tracking mousedown/mouseenter gestures and
making draggable conditional on existing selection.

Also address codebase audit findings: add stream error handler in
execCommand, catch unhandled dialog promise, return value from
setSignals IPC handler, remove debug console.log statements, fix
useState initializers, type-safe protocol cast, and update .gitignore.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Security hardening:
- SFTP drag-out path traversal protection (resolveSafeDragOutPath)
- Renderer URL allowlisting (only localhost/file:// origins)
- Navigation guards (will-navigate blocks cross-origin, deny all popups)
- SFTP host key verification via trusted fingerprints from DB

SFTP drag-out fixes:
- Use native SCP instead of ssh2 streams (which fail with SSH_FX_FAILURE)
- Pre-cache files on selection so startDrag fires instantly on drag
- Support directory drag-out with scp -r
- Fallback icon when app.getFileIcon fails
- Graceful error handling for SCP failures
- Platform-agnostic test paths

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@tomertec tomertec force-pushed the fix/security-hardening-and-roadmap branch from 9432e64 to 9224075 Compare April 12, 2026 18:03
@tomertec tomertec merged commit 25e5811 into main Apr 12, 2026
4 checks passed
@tomertec tomertec deleted the fix/security-hardening-and-roadmap branch April 12, 2026 18:14