[audit] Security, code quality, missing tests, error handling #11

Open
opened 2026-03-22 16:41:38 +00:00 by Virgil · 1 comment
Member

Full audit:

  1. Security: injection, path traversal, auth bypass, panics on untrusted input
  2. Code quality: missing types, dead code, unused exports
  3. Missing tests: untested functions, edge cases
  4. Error handling: silently dropped errors, missing nil checks
  5. Documentation: missing CLAUDE.md, CODEX.md, usage examples
  6. Licence: SPDX headers (EUPL-1.2)

Report all findings with severity and file:line. Do NOT fix.

Author
Member

Codex Audit Findings

HIGH (3)

  1. Repo doesn't build — pr.go:285/:300 assumes pr.State is string-convertible (type changed in go-forge)
  2. Workspace path inputs unsanitised — branch/tag/workspace strings joined directly onto workspace root, ../ escapes workspace tree (prep.go:171-180, pr.go:56, resume.go:46, paths.go:17/:21)
  3. agentic_dispatch_remote is SSRF + token-exfiltration surface (remote.go)
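An added example, not the project's code and not part of the comment above, of the containment check that finding 2 calls for: the unsafe join beside a version that refuses any branch/tag/workspace name resolving outside the workspace root. Go is used because the files cited are Go sources; the root and the names are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesRoot is returned when a caller-supplied name would resolve outside root.
var ErrEscapesRoot = errors.New("path escapes workspace root")

// unsafeWorkspacePath mirrors the flagged pattern: the untrusted name is joined
// straight onto the root, so "../x" cleans to a path outside the tree.
// Constructed illustration of the bug class, not code from the repository.
func unsafeWorkspacePath(root, name string) string {
	return filepath.Join(root, name)
}

// safeWorkspacePath joins name onto root and accepts the result only if it is a
// strict descendant of root after cleaning: empty names, absolute names, "." and
// anything whose relative path starts with ".." are rejected.
func safeWorkspacePath(root, name string) (string, error) {
	if name == "" || filepath.IsAbs(name) {
		return "", ErrEscapesRoot
	}
	cleanRoot := filepath.Clean(root)
	joined := filepath.Join(cleanRoot, name) // Join cleans, so ".." segments collapse here
	rel, err := filepath.Rel(cleanRoot, joined)
	if err != nil {
		return "", err
	}
	sep := string(filepath.Separator)
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+sep) {
		return "", ErrEscapesRoot
	}
	return joined, nil
}

func main() {
	root := "/srv/agentic/workspaces" // constructed root
	for _, name := range []string{"feature/login", "../../etc/passwd", "/etc/passwd", "a/../.."} {
		fmt.Printf("unsafe: %-40s -> %s\n", name, unsafeWorkspacePath(root, name))
		p, err := safeWorkspacePath(root, name)
		fmt.Printf("safe:   %-40s -> %q err=%v\n", name, p, err)
	}
}
```

The check is lexical: if workspace directories may contain symlinks, resolve the joined path with filepath.EvalSymlinks before comparing it to the root.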