From 6153c5ed68e2cdca96e9f62520443d1e363ea755 Mon Sep 17 00:00:00 2001 From: pewdiepie-archdaemon Date: Wed, 3 Jun 2026 11:16:56 +0900 Subject: [PATCH] Close app_api blocklist gap for bare /api/tokens and /api/users MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The blocklist prefixes had trailing slashes, so path.startswith() only matched /api/tokens/{id} but not /api/tokens itself — the bare GET (list) and POST (mint) endpoints were reachable via app_api. Same gap on /api/users (list/create/delete). Drop trailing slashes so both bare and sub-resource forms are blocked. /api/auth and /api/admin had no bare endpoints today but get the same treatment to prevent future drift. Caught by #1462. --- src/tool_implementations.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/tool_implementations.py b/src/tool_implementations.py index 722c39f..3413075 100644 --- a/src/tool_implementations.py +++ b/src/tool_implementations.py @@ -2671,10 +2671,10 @@ async def _cookbook_register_task(session_id: str, model: str, host: str, # when the agent is admin-context — accidental "delete account" # style mistakes have permanent blast radius. _APP_API_BLOCKLIST_PREFIXES = ( - "/api/auth/", # login/logout/password - "/api/users/", # user CRUD - "/api/tokens/", # api token mgmt - "/api/admin/", # admin one-shots (wipe etc.) + "/api/auth", # login/logout/password + "/api/users", # user CRUD (bare /api/users list+create+delete must also block) + "/api/tokens", # api token mgmt (bare /api/tokens list+create must also block) + "/api/admin", # admin one-shots (wipe etc.) "/api/backup/restore", # destructive restore )