lthn/ai-ethics
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ai-ethics/LEK/v1/data/gemini-3.0-flash-angular-unsigned.md
Claude 8645745df1
feat(LEK): add LEK-1 behavioral influence report 
Documents the A/B testing results of prepending the Axioms kernel to
Gemini 2.5 Flash and 3.0 Flash security audit prompts. Key finding:
+700% High-severity inflation on 2.5, zero effect on 3.0 — suggesting
3.0 internalized the ethical framework during training.

Includes raw audit data, methodology, and statistical analysis across
3 model types (2.5 Flash, 3.0 Flash, 3.0 Pro).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-10 17:21:17 +00:00

6.5 KiB
Raw Permalink Blame History

This security review analyzes the BugSETI Angular frontend. The application appears to be a desktop-integrated tool (likely using Wails, given the window.go and window.wails references) for managing Open Source contributions.

1. Critical: Cross-Site Scripting (XSS) via Security Bypass

Severity: Critical (CVSS 9.1) Location: app/jellyfin/jellyfin.component.ts -> load() and normalizeBase()

Issue: The application uses DomSanitizer.bypassSecurityTrustResourceUrl on the serverUrl variable, which is directly bound to a user-controlled input field via [(ngModel)].

load(): void {
  const base = this.normalizeBase(this.serverUrl);
  this.safeWebUrl = this.sanitizer.bypassSecurityTrustResourceUrl(`${base}/web/index.html`);
  // ...
}

An attacker can input a URI like javascript:alert(document.cookie) or data:text/html,<script>top.window.go.main.ConfigService.SetConfig(...)</script>. Since this is a desktop application (Wails), an XSS in the iframe or a navigation to a malicious URI can potentially access the window.go bindings, leading to Remote Code Execution (RCE) on the user's machine by manipulating local configuration or executing system commands.

Recommendation:

  1. Validate the URL: Use a strict allowlist for protocols (only https:) and validate the domain using a Regular Expression.
  2. Avoid Bypassing: If the goal is to embed a known trusted server, do not let the user type the full URL, or use a backend proxy.
  3. Sanitize: If you must allow user input, ensure the input is a valid URL object before trust is granted.

Impact: Complete compromise of the local machine. An attacker could craft a malicious "Jellyfin Server" URL that, when loaded, steals GitHub credentials or executes arbitrary code via the Wails bridge.

2. High: Missing Content Security Policy (CSP)

Severity: High (CVSS 7.5) Location: index.html

Issue: There is no Content Security Policy (CSP) defined in the <head> of the document or via headers.

In a Wails/Electron environment, the frontend has a bridge to the operating system. Without a CSP, any XSS vulnerability (like the one found in Finding #1) is unmitigated. There is nothing preventing the application from connecting to malicious external domains or executing inline scripts.

Recommendation: Implement a strict CSP. At a minimum:

<meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self'; connect-src 'self' https://api.github.com; frame-src https://media.lthn.ai; style-src 'self' 'unsafe-inline';">

Note: Adjust frame-src to only allow trusted media providers.

Impact: Increases the success rate of XSS attacks and allows data exfiltration to attacker-controlled servers.

3. High: Potential Command Injection / Path Traversal via Configuration

Severity: High (CVSS 8.2) Location: app/settings/settings.component.ts -> config.workspaceDir and config.marketplaceMcpRoot

Issue: The application allows users to input arbitrary file paths for workspaceDir and marketplaceMcpRoot. These values are passed to the backend via ConfigService.SetConfig(this.config).

If the backend (Go code) uses these paths in shell commands (e.g., cd {workspaceDir} && git clone ...) or file system operations without rigorous validation, a user (or a malicious config file) could inject commands: workspaceDir = "; rm -rf / ;" or ../../../../etc/passwd.

Recommendation:

  1. Frontend: Use a directory picker (Wails Runtime.OpenDirectoryDialog) instead of a raw text input to ensure the path is a valid system path.
  2. Backend: (Crucial) The Go service must validate that the path exists, is a directory, and does not contain shell metacharacters.

Impact: Local filesystem manipulation, data loss, or arbitrary command execution on the host OS.

4. Medium: Sensitive Data Exposure (API Keys in UI)

Severity: Medium (CVSS 5.3) Location: app/jellyfin/jellyfin.component.ts -> Template (API Key Input)

Issue: The Jellyfin API Key is collected via a standard text input:

<input class="form-input" [(ngModel)]="apiKey" placeholder="Jellyfin API key" />

By default, class="form-input" (likely a standard <input type="text">) does not mask input. API keys are sensitive credentials and should be treated like passwords.

Recommendation: Change the input type to password:

<input type="password" class="form-input" [(ngModel)]="apiKey" ... />

Impact: "Shoulder surfing" or accidental screen-sharing exposure of the user's Jellyfin API key.

5. Medium: Insecure Update Link Navigation

Severity: Medium (CVSS 4.3) Location: app/settings/updates.component.ts -> [href]="checkResult.release.htmlUrl"

Issue: The application renders a link to "View Release Notes" using data fetched from an external update service.

<a *ngIf="checkResult.release?.htmlUrl" [href]="checkResult.release.htmlUrl" target="_blank">

If the update server or the API response is compromised (MITM or server-side hack), an attacker can point this URL to a phishing site or a malicious executable download. Users are highly likely to trust links inside an "Update Available" dialog.

Recommendation:

  1. Validate the Domain: Ensure the URL points to the official GitHub repository or a trusted domain before rendering.
  2. Rel-Noopener: Add rel="noopener noreferrer" to the link to prevent tab-nabbing.

Impact: Phishing or distribution of malware under the guise of official software updates.

6. Low: Use of alert() for Error Handling

Severity: Low (CVSS 2.0) Location: app/workbench/workbench.component.ts and app/settings/settings.component.ts

Issue: The application uses alert() to display success and error messages (e.g., alert('Settings saved!')).

Recommendation: Use a non-blocking UI notification system (Toast/Snackbars). alert() is synchronous and freezes the browser UI thread, which can be used in "denial of service" UI attacks or simply provides a poor, potentially confusing user experience.

Impact: Minor UX degradation and potential for UI locking.

Summary of Findings

Finding Severity Category
XSS via Sanitizer Bypass Critical Injection
Missing CSP High Security Misconfiguration
Path/Command Injection Risk High Injection
API Key Exposure Medium Cryptographic Failures
Insecure Update Links Medium Broken Access Control