Harden linked service integrations

Author: SecAI-Hub

services/gpu-integrity-watch/actions.go

@@ -12,6 +12,8 @@ import (
 	"time"
 )
 
+var outboundHTTPClient = &http.Client{Timeout: 15 * time.Second}
+
 // ActionType identifies a response action.
 type ActionType string
 
@@ -34,19 +36,19 @@ type ActionConfig struct {
 
 // ActionResult records the outcome of an executed action.
 type ActionResult struct {
-	Action    string    `json:"action"`
+	Action    string     `json:"action"`
 	Type      ActionType `json:"type"`
-	Triggered bool      `json:"triggered"`
-	Success   bool      `json:"success"`
-	Message   string    `json:"message"`
-	Timestamp time.Time `json:"timestamp"`
+	Triggered bool       `json:"triggered"`
+	Success   bool       `json:"success"`
+	Message   string     `json:"message"`
+	Timestamp time.Time  `json:"timestamp"`
 }
 
 // ActionExecutor evaluates scoring results and triggers configured actions.
 type ActionExecutor struct {
-	actions    []ActionConfig
-	modelDir   string
-	inferURL   string
+	actions  []ActionConfig
+	modelDir string
+	inferURL string
 }
 
 // NewActionExecutor creates an executor with the given action configs.
@@ -118,7 +120,7 @@ func (e *ActionExecutor) executeReload(ac ActionConfig) ActionResult {
 
 	// Try llama.cpp-style reload endpoint
 	url := strings.TrimSuffix(target, "/") + "/reload"
-	resp, err := http.Post(url, "application/json", strings.NewReader("{}"))
+	resp, err := outboundHTTPClient.Post(url, "application/json", strings.NewReader("{}"))
 	if err != nil {
 		// Fall back to command if configured
 		if ac.Command != "" {
@@ -210,7 +212,7 @@ func (e *ActionExecutor) executeAlert(ac ActionConfig, entry ScoreEntry) ActionR
 
 	if ac.Webhook != "" {
 		body, _ := json.Marshal(payload)
-		resp, err := http.Post(ac.Webhook, "application/json", strings.NewReader(string(body)))
+		resp, err := outboundHTTPClient.Post(ac.Webhook, "application/json", strings.NewReader(string(body)))
 		if err != nil {
 			ar.Success = false
 			ar.Message = fmt.Sprintf("webhook failed: %v", err)
@@ -250,7 +252,7 @@ func (e *ActionExecutor) executeFailClosed(ac ActionConfig) ActionResult {
 	// Try to signal inference server shutdown
 	if e.inferURL != "" {
 		url := strings.TrimSuffix(e.inferURL, "/") + "/shutdown"
-		resp, err := http.Post(url, "application/json", strings.NewReader("{}"))
+		resp, err := outboundHTTPClient.Post(url, "application/json", strings.NewReader("{}"))
 		if err != nil {
 			ar.Success = false
 			ar.Message = fmt.Sprintf("fail-closed shutdown request failed: %v", err)
@@ -271,6 +273,12 @@ func (e *ActionExecutor) executeFailClosed(ac ActionConfig) ActionResult {
 func executeCommand(ac ActionConfig) ActionResult {
 	ar := ActionResult{Action: ac.Name, Type: ac.Type, Triggered: true}
 
+	if os.Getenv("GPU_WATCH_ALLOW_ACTION_COMMANDS") != "true" {
+		ar.Success = false
+		ar.Message = "command actions disabled; set GPU_WATCH_ALLOW_ACTION_COMMANDS=true"
+		return ar
+	}
+
 	cmd := exec.Command("sh", "-c", ac.Command)
 	output, err := cmd.CombinedOutput()
 	if err != nil {

services/gpu-integrity-watch/main.go

@@ -340,7 +340,7 @@ func cmdStatus() {
 		}
 	}
 
-	resp, err := http.Get(addr + "/v1/status")
+	resp, err := outboundHTTPClient.Get(addr + "/v1/status")
 	if err != nil {
 		log.Fatalf("cannot reach daemon: %v", err)
 	}

services/gpu-integrity-watch/probes.go

@@ -5,7 +5,6 @@ import (
 	"encoding/hex"
 	"fmt"
 	"io"
-	"net/http"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -369,7 +368,7 @@ func (r *ProbeRunner) runSentinelInference(pc ProbeConfig) ProbeResult {
 // querySentinel sends a completion request to the inference endpoint.
 func querySentinel(endpoint, input string) (string, error) {
 	payload := fmt.Sprintf(`{"prompt":%q,"n_predict":64,"temperature":0}`, input)
-	resp, err := http.Post(endpoint+"/completion", "application/json", strings.NewReader(payload))
+	resp, err := outboundHTTPClient.Post(endpoint+"/completion", "application/json", strings.NewReader(payload))
 	if err != nil {
 		return "", err
 	}

services/quarantine/quarantine/pipeline.py

@@ -33,12 +33,22 @@
 import time
 from pathlib import Path
 from urllib.error import URLError
+from urllib.parse import urlparse
 from urllib.request import Request, urlopen
 
 import yaml
 
 log = logging.getLogger("quarantine.pipeline")
 
+
+def _http_urlopen(target, timeout: int = 30):
+    """Open only HTTP(S) URLs for scanner-local service calls."""
+    raw_url = target.full_url if isinstance(target, Request) else str(target)
+    scheme = urlparse(raw_url).scheme.lower()
+    if scheme not in {"http", "https"}:
+        raise URLError(f"unsupported URL scheme: {scheme or 'none'}")
+    return urlopen(target, timeout=timeout)  # nosec B310
+
 MODELS_LOCK_PATH = Path(
     os.getenv("MODELS_LOCK_PATH", "/etc/secure-ai/policy/models.lock.yaml")
 )
@@ -1564,7 +1574,7 @@ def _wait_for_server(port: int, timeout: int = 30) -> bool:
     while time.monotonic() < deadline:
         for url in readiness_urls:
             try:
-                with urlopen(url, timeout=2) as resp:
+                with _http_urlopen(url, timeout=2) as resp:
                     if getattr(resp, "status", 200) == 200:
                         return True
             except (URLError, OSError):
@@ -1596,7 +1606,7 @@ def _query_llama(port: int, prompt_messages: list, timeout: int = 60) -> dict:
         method="POST",
     )
     try:
-        with urlopen(req, timeout=timeout) as resp:
+        with _http_urlopen(req, timeout=timeout) as resp:
             data = json.loads(resp.read())
             return {
                 "ok": True,

services/quarantine/quarantine/watcher.py

@@ -23,6 +23,7 @@
 from datetime import datetime, timezone
 from pathlib import Path
 from urllib.error import URLError
+from urllib.parse import urlparse
 from urllib.request import Request, urlopen
 
 import sys
@@ -39,7 +40,7 @@
 if _services_root not in sys.path:
     sys.path.insert(0, _services_root)
 
-from common.audit_chain import AuditChain
+from common.audit_chain import AuditChain  # noqa: E402
 
 log = logging.getLogger("quarantine")
 
@@ -176,6 +177,37 @@ def _policy_version_id() -> str:
     return str(info)
 
 
+def _stage_gguf_guard_manifest(pipeline_details: dict | None) -> None:
+    """Move a generated GGUF guard manifest into the registry directory."""
+    if not pipeline_details:
+        return
+    manifest_info = pipeline_details.get("gguf_guard_manifest", {})
+    if not isinstance(manifest_info, dict) or not manifest_info.get("generated"):
+        return
+    manifest_path = manifest_info.get("manifest_path")
+    if not manifest_path:
+        return
+
+    source = Path(manifest_path)
+    dest = REGISTRY_DIR / source.name
+    try:
+        if source.resolve() != dest.resolve():
+            if not source.exists():
+                log.warning("gguf-guard manifest missing before registry promotion: %s", source)
+                manifest_info["generated"] = False
+                manifest_info["manifest_path"] = ""
+                return
+            shutil.move(str(source), str(dest))
+            log.info("moved gguf-guard manifest to registry dir: %s", dest.name)
+    except OSError as e:
+        log.warning("could not stage gguf-guard manifest %s: %s", source, e)
+        manifest_info["generated"] = False
+        manifest_info["manifest_path"] = ""
+        return
+
+    manifest_info["manifest_path"] = dest.name
+
+
 def _service_headers() -> dict[str, str]:
     """Return inter-service auth headers when a token is configured."""
     try:
@@ -188,6 +220,15 @@ def _service_headers() -> dict[str, str]:
     return headers
 
 
+def _http_urlopen(target, timeout: int = 30):
+    """Open only HTTP(S) URLs for registry service calls."""
+    raw_url = target.full_url if isinstance(target, Request) else str(target)
+    scheme = urlparse(raw_url).scheme.lower()
+    if scheme not in {"http", "https"}:
+        raise URLError(f"unsupported URL scheme: {scheme or 'none'}")
+    return urlopen(target, timeout=timeout)  # nosec B310
+
+
 def promote_to_registry(filename: str, file_hash: str, size_bytes: int,
                         scan_results: dict, model_type: str = "llm",
                         source_url: str = "",
@@ -227,8 +268,9 @@ def promote_to_registry(filename: str, file_hash: str, size_bytes: int,
         if fp:
             payload["gguf_guard_fingerprint"] = fp
         manifest_info = pipeline_details.get("gguf_guard_manifest", {})
-        if manifest_info.get("generated"):
-            payload["gguf_guard_manifest"] = manifest_info.get("manifest_path", "")
+        manifest_path = manifest_info.get("manifest_path", "")
+        if manifest_info.get("generated") and manifest_path:
+            payload["gguf_guard_manifest"] = Path(manifest_path).name
 
     try:
         req = Request(
@@ -237,7 +279,7 @@ def promote_to_registry(filename: str, file_hash: str, size_bytes: int,
             headers=_service_headers(),
             method="POST",
         )
-        with urlopen(req, timeout=30) as resp:
+        with _http_urlopen(req, timeout=30) as resp:
             result = json.loads(resp.read())
             log.info("registry promotion response: %s", result)
             return resp.status == 201
@@ -304,6 +346,7 @@ def process_artifact(artifact_path: Path) -> bool:
 
     # Collect scan result summary
     details = result.get("details", {})
+    _stage_gguf_guard_manifest(details)
     scan_summary = _build_scan_summary(details)
 
     # Extract source revision
@@ -410,6 +453,7 @@ def process_directory(artifact_dir: Path) -> bool:
     )
 
     details = result.get("details", {})
+    _stage_gguf_guard_manifest(details)
     scan_summary = _build_scan_summary(details)
     scan_summary["model_type"] = "diffusion"
 

services/registry/cmd/securectl/main.go

@@ -9,9 +9,11 @@ import (
 	"os"
 	"strings"
 	"text/tabwriter"
+	"time"
 )
 
 var registryURL = "http://127.0.0.1:8470"
+var apiClient = &http.Client{Timeout: 15 * time.Second}
 
 func init() {
 	if u := os.Getenv("REGISTRY_URL"); u != "" {
@@ -61,7 +63,7 @@ func apiRequest(method, path string, body io.Reader) ([]byte, int, error) {
 		req.Header.Set("Authorization", "Bearer "+token)
 	}
 
-	resp, err := http.DefaultClient.Do(req)
+	resp, err := apiClient.Do(req)
 	if err != nil {
 		return nil, 0, err
 	}