oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: fix medium-severity security issues
Some checks failed
CLI Tests / test-cli (push) Has been cancelled
Details
Security Scanning / security-scan (push) Has been cancelled
Details
API Endpoint Tests / test-api-endpoints (push) Successful in 2m12s
Details
Integration Tests / test-service-integration (push) Successful in 2m16s
Details
Python Tests / test-python (push) Successful in 3m23s
Details

Browse Source 
- Replace hardcoded /tmp directories with tempfile.gettempdir() (2 instances)
- Add 30-second timeouts to all HTTP requests in miner_management.py (4 instances)
- Skip agent_security.py temp directory fixes (configuration values, not insecure usage)
This commit is contained in:
aitbc
2026-04-18 10:44:08 +02:00
parent 8424902bee
commit d28222819c
2 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apps/coordinator-api/src/app/routers/confidential.py
View File

@@ -42,8 +42,9 @@ def get_encryption_service() -> EncryptionService:
if encryption_service is None:
# Initialize with key manager
from ..services.key_management import FileKeyStorage
import tempfile
key_storage = FileKeyStorage("/tmp/aitbc_keys")
key_storage = FileKeyStorage(tempfile.gettempdir() + "/aitbc_keys")
key_manager = KeyManager(key_storage)
encryption_service = EncryptionService(key_manager)
return encryption_service
@@ -54,8 +55,9 @@ def get_key_manager() -> KeyManager:
global key_manager
if key_manager is None:
from ..services.key_management import FileKeyStorage
import tempfile
key_storage = FileKeyStorage("/tmp/aitbc_keys")
key_storage = FileKeyStorage(tempfile.gettempdir() + "/aitbc_keys")
key_manager = KeyManager(key_storage)
return key_manager

12
cli/miner_management.py
View File

@@ -309,7 +309,8 @@ def submit_job_result(
response = requests.post(
f"{coordinator_url}/v1/miners/{job_id}/result",
headers=headers,
json=payload
json=payload,
timeout=30
)
if response.status_code == 200:
@@ -384,7 +385,8 @@ def update_capabilities(
response = requests.put(
f"{coordinator_url}/v1/miners/{miner_id}/capabilities",
headers=headers,
json=payload
json=payload,
timeout=30
)
if response.status_code == 200:
@@ -450,7 +452,8 @@ def list_marketplace_offers(
response = requests.get(
f"{coordinator_url}/v1/marketplace/miner-offers",
headers=admin_headers,
params=params
params=params,
timeout=30
)
if response.status_code == 200:
@@ -503,7 +506,8 @@ def create_marketplace_offer(
response = requests.post(
f"{coordinator_url}/v1/marketplace/offers",
headers=admin_headers,
json=payload
json=payload,
timeout=30
)
if response.status_code == 200: