Closed
Description
Severity: Medium
File: src/file-stream-manager.ts:400–406
Endpoint: GET /api/sessions/:id/tail-file
The tail-file SSE endpoint allows streaming any file within these hard-coded paths:

```ts
const allowedPaths = [
  normalizedWorkingDir,
  '/var/log',
  resolve(homedir(), '.local/share'), // ← includes keyrings
  resolve(homedir(), '.cache'),       // ← includes OAuth tokens, browser data
  resolve(homedir(), 'logs'),
];
```

Any authenticated user with a valid session can stream arbitrary files from ~/.cache or ~/.local/share.
Sensitive Files Accessible

| Path | Contents |
|---|---|
| ~/.cache/gh/hosts.yml | GitHub CLI OAuth token |
| ~/.cache/google-chrome/Default/Cookies | Chrome session cookies |
| ~/.cache/aws/ | AWS credentials cache |
| ~/.local/share/keyrings/ | GNOME keyring (may include SSH passwords) |
Proof of Concept

```sh
curl -b "codeman_session=TOKEN" \
  "http://localhost:3000/api/sessions/SESSION_ID/tail-file?path=~/.cache/gh/hosts.yml"
# → streams GitHub CLI OAuth token
```

Remediation
Remove ~/.cache and ~/.local/share from allowedPaths:

```ts
const allowedPaths = [
  normalizedWorkingDir,
  '/var/log',
  resolve(homedir(), 'logs'),
];
```
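Trimming the allowlist only helps if the containment check behind it is sound, so the following is an added example (not the project's code) of how such a check can be written and how the reported allowlist compares with the remediated one. The function names (`resolveAllowedPath`, `weakAllowedPaths`, `hardenedAllowedPaths`, `expandTilde`, `isInside`) are hypothetical; whether the real endpoint expands a leading `~` as the PoC request relies on is an assumption made here, and the sample home and working directories are constructed.

```typescript
import { resolve, relative, isAbsolute, sep } from "node:path";
import { homedir } from "node:os";

// Hypothetical helper: expand a leading "~" to the home directory. The PoC in
// the report passes "~/.cache/..." as the path, so this mirrors that; whether
// the real endpoint does it is an assumption of this example.
function expandTilde(p: string, home: string): string {
  if (p === "~") return home;
  if (p.startsWith("~/")) return resolve(home, p.slice(2));
  return p;
}

// True when `candidate` is `root` itself or lies strictly inside it.
// path.relative is used instead of startsWith so that "/var/logs" is not
// mistaken for a child of "/var/log", and ".." components are detected
// after normalisation rather than by string matching on the raw request.
function isInside(root: string, candidate: string): boolean {
  const rel = relative(root, candidate);
  if (rel === "") return true;
  if (isAbsolute(rel)) return false; // e.g. different drive on Windows
  return rel !== ".." && !rel.startsWith(`..${sep}`);
}

// Resolve a requested path (relative paths are taken against the session's
// working directory) and return the absolute path only if it falls under one
// of the allowed roots; otherwise return null so the caller can reject with 403.
// This is a lexical check: it does not follow symlinks (see note below).
function resolveAllowedPath(
  requested: string,
  allowedRoots: string[],
  workingDir: string,
  home: string = homedir(),
): string | null {
  const absolute = resolve(workingDir, expandTilde(requested, home));
  const allowed = allowedRoots.some((root) => isInside(resolve(root), absolute));
  return allowed ? absolute : null;
}

// Allowlist as reported in the issue: ~/.cache and ~/.local/share are in scope.
function weakAllowedPaths(workingDir: string, home: string): string[] {
  return [
    resolve(workingDir),
    "/var/log",
    resolve(home, ".local/share"),
    resolve(home, ".cache"),
    resolve(home, "logs"),
  ];
}

// Allowlist after the remediation proposed in the issue.
function hardenedAllowedPaths(workingDir: string, home: string): string[] {
  return [resolve(workingDir), "/var/log", resolve(home, "logs")];
}

// Constructed sample values for a stand-alone run.
const sampleHome = "/home/alice";
const sampleWorkingDir = "/home/alice/project";
const request = "~/.cache/gh/hosts.yml";
console.log("reported allowlist:", resolveAllowedPath(request, weakAllowedPaths(sampleWorkingDir, sampleHome), sampleWorkingDir, sampleHome));
console.log("remediated allowlist:", resolveAllowedPath(request, hardenedAllowedPaths(sampleWorkingDir, sampleHome), sampleWorkingDir, sampleHome));
```

With the reported allowlist the request for `~/.cache/gh/hosts.yml` resolves to an allowed path; with the remediated one it returns null. Two caveats for anyone adopting this shape: the check is lexical, so a symlink inside an allowed root that points at `~/.cache` would still pass, and a production version should `fs.realpath` the candidate before calling `isInside`; and `/var/log` and the working directory remain in scope, so the endpoint still exposes whatever those directories hold to every authenticated session.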