fix: permission checks for external_directory and doom_loop#4433
Merged
rekram1-node merged 3 commits intoanomalyco:devfrom Nov 18, 2025
Merged
Conversation
Collaborator
|
Thank u for spotting this, will tweak it and merge it, currently cant due to github outage |
rekram1-node
force-pushed
the
fix/critical-permission-security
branch
from
8b61430 to
f0fa213
Compare
This reverts commit f0fa213.
rekram1-node
changed the title
Contributor
Author
|
Just to confirm: this current code path is "fail open" which means that if they leave it empty or put any value other than "ask" or "deny", it will automatically approve. I just want to make sure that's intended. |
Collaborator
|
If you don't set it, it automatically asks as intended If you set it to allow it will allow |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes permission checks that were not properly enforcing deny settings, allowing operations to proceed when they should be blocked.
Root Cause
Permission checks across the codebase were using an insecure pattern:
"ask"or specific values"deny"settingsundefined,null, or any unexpected valueTesting
Added comprehensive unit tests covering:
external_directory='allow'- proceeds without askingexternal_directory='deny'- denies without askingexternal_directory='ask'with approval - asks and proceedsexternal_directory='ask'with denial - asks and deniesAll 196 tests passing.
Fixes a systemic issue that could allow agents to bypass configured permission restrictions.