fix(security): patch 4 critical vulnerabilities#246
Merged
yaojin3616 merged 4 commits into dataelement:main on Apr 13, 2026
Conversation
Security audit identified 4 critical issues. All patched with minimal changes.

1. Unauthenticated API key generation (gateway.py)
   - Added Depends(get_current_user) + creator/admin role check
   - Used existing check_agent_access() for consistent auth
2. API keys stored in plaintext (enterprise.py, agents.py, task_executor.py)
   - LLM API keys: encrypt with existing encrypt_data()/decrypt_data() (AES-256)
   - Agent API keys: hash with SHA-256 (consistent with create flow)
3. Default JWT secrets accepted in production (main.py)
   - Startup check: refuse to boot with "change-me" secrets unless DEBUG=true
4. Multi-tenant isolation gaps (permissions.py, plaza.py, task_executor.py)
   - check_agent_access(): validate tenant_id match for non-admin users
   - Plaza API: enforce tenant from JWT, not optional query parameter
   - LLM model lookup: filter by agent's tenant_id
…up dead imports
- Add auth + tenant isolation to create_post, get_post, create_comment, like_post
- Add tenant check to delete_post
- Fix except (ValueError, Exception) → except ValueError in llm_utils.py and main.py
- Re-add LLM API key migration at startup with correct exception handling
- Remove unused imports: decrypt_data (task_executor), get_current_user/check_agent_access/is_agent_creator (gateway)
- Remove dead imports from gateway.py: secrets, BackgroundTasks, update
lijiajun1997 added a commit to lijiajun1997/Clawith that referenced this pull request (Apr 14, 2026):
Sync with upstream:
- A2A async communication improvements
- Multiple new search engine tools (exa, tavily, google, bing, duckduckgo)
- Security patches (dataelement#246)
- Light theme CSS variables
- Agent-to-agent message improvements
- Message history loading (latest 500)

Conflict resolutions:
- agent_tools.py: keep zhipu_search + _convert_markdown (audit-firm) + all new search tools (dataelement)
- websocket.py: keep fallback_model + on_notify + max_tool_rounds_override
- config.py: keep both LLM_RETRY_MAX and EXA_API_KEY
- tool_seeder.py: keep zhipu + exa engines, is_default=True
- index.css: keep [data-theme="light"] block + audit-firm login-field styles
nap-liu pushed a commit to nap-liu/Clawith that referenced this pull request (Apr 16, 2026):
* fix(security): patch 4 critical vulnerabilities

Security audit identified 4 critical issues. All patched with minimal changes.

1. Unauthenticated API key generation (gateway.py)
   - Added Depends(get_current_user) + creator/admin role check
   - Used existing check_agent_access() for consistent auth
2. API keys stored in plaintext (enterprise.py, agents.py, task_executor.py)
   - LLM API keys: encrypt with existing encrypt_data()/decrypt_data() (AES-256)
   - Agent API keys: hash with SHA-256 (consistent with create flow)
3. Default JWT secrets accepted in production (main.py)
   - Startup check: refuse to boot with "change-me" secrets unless DEBUG=true
4. Multi-tenant isolation gaps (permissions.py, plaza.py, task_executor.py)
   - check_agent_access(): validate tenant_id match for non-admin users
   - Plaza API: enforce tenant from JWT, not optional query parameter
   - LLM model lookup: filter by agent's tenant_id

* fix(security): complete plaza auth, tighten exception handling, cleanup dead imports

- Add auth + tenant isolation to create_post, get_post, create_comment, like_post
- Add tenant check to delete_post
- Fix except (ValueError, Exception) → except ValueError in llm_utils.py and main.py
- Re-add LLM API key migration at startup with correct exception handling
- Remove unused imports: decrypt_data (task_executor), get_current_user/check_agent_access/is_agent_creator (gateway)
- Remove dead imports from gateway.py: secrets, BackgroundTasks, update

* fix: correct app.core.config → app.config in llm_utils

---------

Co-authored-by: 沈锋 <shenfeng@shenfengdeMac-mini.local>
Co-authored-by: yaojin <yaojin@58.com>
Co-authored-by: 姚劲 <yaojin@dataelem.com>
Summary
Security audit identified 4 critical vulnerabilities. This PR patches all of them with minimal, focused changes (7 files, +63/-23 lines).
1. Unauthenticated API Key Generation (gateway.py)
   POST /gateway/agents/{agent_id}/api-key had no authentication. Added Depends(get_current_user) + creator/admin role check using existing check_agent_access().

2. API Keys Stored in Plaintext (enterprise.py, agents.py, task_executor.py)
   - … encrypt_data()/decrypt_data() (AES-256-CBC)
   - … gateway.py)

3. Default JWT Secrets Accepted in Production (main.py)
   Added startup check: application refuses to boot if SECRET_KEY or JWT_SECRET_KEY contains "change-me" unless DEBUG=true.

4. Multi-Tenant Isolation Gaps (permissions.py, plaza.py, task_executor.py)
   - check_agent_access(): Added tenant_id validation for non-admin users
   - list_posts and plaza_stats now require authentication and enforce tenant from JWT
   - … tenant_id filter to prevent cross-tenant model access

Test Plan
- POST /gateway/agents/{id}/api-key returns 401 without auth token
- … api_key_encrypted column is ciphertext)
- GET /plaza/posts without auth returns 401; with auth returns only own tenant's posts

Notes
- … encrypt_data, check_agent_access, get_current_user) — no new dependencies

🤖 Generated with Claude Code
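As an added illustration of three of the controls the Summary describes (refusing "change-me" secrets at startup unless DEBUG=true, the tenant_id check for non-admin users in check_agent_access(), and storing agent API keys as SHA-256 digests), the following is example code written for this page, not Clawith's own implementation; the User and Agent dataclasses, the function signatures and the token format are assumptions.

```python
# Added example modelling the PR #246 controls; not Clawith's own code.
# User/Agent shapes, signatures and the key format are assumptions.
import hashlib
import hmac
import secrets
from dataclasses import dataclass

DEFAULT_SECRET_MARKER = "change-me"

def validate_secrets(secret_key: str, jwt_secret_key: str, debug: bool) -> None:
    """Startup guard: refuse to boot on placeholder secrets unless DEBUG=true."""
    for name, value in (("SECRET_KEY", secret_key), ("JWT_SECRET_KEY", jwt_secret_key)):
        if DEFAULT_SECRET_MARKER in value and not debug:
            raise RuntimeError(f"{name} still contains '{DEFAULT_SECRET_MARKER}'")

@dataclass(frozen=True)
class User:
    id: int
    tenant_id: int
    is_admin: bool = False

@dataclass(frozen=True)
class Agent:
    id: int
    tenant_id: int
    creator_id: int

def check_agent_access(agent: Agent, user: User) -> bool:
    """Admins pass; everyone else must be the creator AND in the agent's tenant."""
    if user.is_admin:
        return True
    if agent.tenant_id != user.tenant_id:
        return False  # the isolation gap: a matching creator id in another tenant is refused
    return agent.creator_id == user.id

def hash_api_key(key: str) -> str:
    """SHA-256 digest that is stored instead of the plaintext key."""
    return hashlib.sha256(key.encode()).hexdigest()

def issue_api_key():
    """Return (plaintext key shown to the caller once, digest persisted in the DB)."""
    key = secrets.token_urlsafe(32)
    return key, hash_api_key(key)

def verify_api_key(presented: str, stored_digest: str) -> bool:
    """Compare digests in constant time so lookups do not leak via timing."""
    return hmac.compare_digest(hash_api_key(presented), stored_digest)
```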