fix: use mkdtempSync for chroot-hosts to address CodeQL CWE-377

Build complete chroot-hosts content in memory, then write atomically
to a securely-created temp directory (fs.mkdtempSync). This satisfies
CodeQL's js/insecure-temporary-file rule by using the recognized
sanitizer for temp file creation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: Mossaka

src/docker-manager.test.ts

@@ -568,10 +568,10 @@ describe('docker-manager', () => {
       expect(volumes).toContain('/etc/ca-certificates:/host/etc/ca-certificates:ro');
       expect(volumes).toContain('/etc/alternatives:/host/etc/alternatives:ro');
       expect(volumes).toContain('/etc/ld.so.cache:/host/etc/ld.so.cache:ro');
-      // /etc/hosts is now always a custom chroot-hosts file in chroot mode (for pre-resolved domains)
+      // /etc/hosts is always a custom hosts file in a secure chroot temp dir (for pre-resolved domains)
       const hostsVolume = volumes.find((v: string) => v.includes('/host/etc/hosts'));
       expect(hostsVolume).toBeDefined();
-      expect(hostsVolume).toContain('chroot-hosts:/host/etc/hosts:ro');
+      expect(hostsVolume).toMatch(/chroot-.*\/hosts:\/host\/etc\/hosts:ro/);
 
       // Should still include essential mounts
       expect(volumes).toContain('/tmp:/tmp:rw');
@@ -799,7 +799,7 @@ describe('docker-manager', () => {
       // Should mount a read-only copy of /etc/hosts with host.docker.internal pre-injected
       const hostsVolume = volumes.find((v: string) => v.includes('/host/etc/hosts'));
       expect(hostsVolume).toBeDefined();
-      expect(hostsVolume).toContain('chroot-hosts:/host/etc/hosts:ro');
+      expect(hostsVolume).toMatch(/chroot-.*\/hosts:\/host\/etc\/hosts:ro/);
     });
 
     it('should inject host.docker.internal into chroot-hosts file', () => {
@@ -810,8 +810,10 @@ describe('docker-manager', () => {
       };
       generateDockerCompose(config, mockNetworkConfig);
 
-      // The chroot-hosts file should exist and contain host.docker.internal
-      const chrootHostsPath = `${mockConfig.workDir}/chroot-hosts`;
+      // Find the chroot hosts file (mkdtempSync creates chroot-XXXXXX directory)
+      const chrootDir = fs.readdirSync(mockConfig.workDir).find(d => d.startsWith('chroot-'));
+      expect(chrootDir).toBeDefined();
+      const chrootHostsPath = `${mockConfig.workDir}/${chrootDir}/hosts`;
       expect(fs.existsSync(chrootHostsPath)).toBe(true);
       const content = fs.readFileSync(chrootHostsPath, 'utf8');
       // Docker bridge gateway resolution may succeed or fail in test env,
@@ -829,10 +831,10 @@ describe('docker-manager', () => {
       const agent = result.services.agent;
       const volumes = agent.volumes as string[];
 
-      // Should mount a custom chroot-hosts file (for pre-resolved domains)
+      // Should mount a custom hosts file in a secure chroot temp dir (for pre-resolved domains)
       const hostsVolume = volumes.find((v: string) => v.includes('/host/etc/hosts'));
       expect(hostsVolume).toBeDefined();
-      expect(hostsVolume).toContain('chroot-hosts:/host/etc/hosts:ro');
+      expect(hostsVolume).toMatch(/chroot-.*\/hosts:\/host\/etc\/hosts:ro/);
     });
 
     it('should pre-resolve allowed domains into chroot-hosts file', () => {
@@ -859,7 +861,10 @@ describe('docker-manager', () => {
       };
       generateDockerCompose(config, mockNetworkConfig);
 
-      const chrootHostsPath = `${mockConfig.workDir}/chroot-hosts`;
+      // Find the chroot hosts file (mkdtempSync creates chroot-XXXXXX directory)
+      const chrootDir = fs.readdirSync(mockConfig.workDir).find(d => d.startsWith('chroot-'));
+      expect(chrootDir).toBeDefined();
+      const chrootHostsPath = `${mockConfig.workDir}/${chrootDir}/hosts`;
       expect(fs.existsSync(chrootHostsPath)).toBe(true);
       const content = fs.readFileSync(chrootHostsPath, 'utf8');
 
@@ -887,7 +892,10 @@ describe('docker-manager', () => {
       // Should not throw even if resolution fails
       generateDockerCompose(config, mockNetworkConfig);
 
-      const chrootHostsPath = `${mockConfig.workDir}/chroot-hosts`;
+      // Find the chroot hosts file (mkdtempSync creates chroot-XXXXXX directory)
+      const chrootDir = fs.readdirSync(mockConfig.workDir).find(d => d.startsWith('chroot-'));
+      expect(chrootDir).toBeDefined();
+      const chrootHostsPath = `${mockConfig.workDir}/${chrootDir}/hosts`;
       expect(fs.existsSync(chrootHostsPath)).toBe(true);
       const content = fs.readFileSync(chrootHostsPath, 'utf8');
 
@@ -916,7 +924,10 @@ describe('docker-manager', () => {
       };
       generateDockerCompose(config, mockNetworkConfig);
 
-      const chrootHostsPath = `${mockConfig.workDir}/chroot-hosts`;
+      // Find the chroot hosts file (mkdtempSync creates chroot-XXXXXX directory)
+      const chrootDir = fs.readdirSync(mockConfig.workDir).find(d => d.startsWith('chroot-'));
+      expect(chrootDir).toBeDefined();
+      const chrootHostsPath = `${mockConfig.workDir}/${chrootDir}/hosts`;
       const content = fs.readFileSync(chrootHostsPath, 'utf8');
 
       // Count occurrences of 'localhost' - should only be the original entries, not duplicated

src/docker-manager.ts

@@ -500,18 +500,19 @@ export function generateDockerCompose(
     // 1. Pre-resolve allowed domains using the host's DNS stack (supports Tailscale MagicDNS,
     //    split DNS, and other custom resolvers not available inside the container)
     // 2. Inject host.docker.internal when --enable-host-access is set
-    const chrootHostsPath = path.join(config.workDir, 'chroot-hosts');
+    // Build complete chroot hosts file content in memory, then write atomically
+    // to a securely-created temp directory (mkdtempSync) to satisfy CWE-377.
+    let hostsContent = '127.0.0.1 localhost\n';
     try {
-      fs.copyFileSync('/etc/hosts', chrootHostsPath);
+      hostsContent = fs.readFileSync('/etc/hosts', 'utf-8');
     } catch {
-      fs.writeFileSync(chrootHostsPath, '127.0.0.1 localhost\n');
+      // /etc/hosts not readable, use minimal fallback
     }
 
-    // Pre-resolve allowed domains on the host and inject into /etc/hosts
+    // Pre-resolve allowed domains on the host and append to hosts content.
     // This is critical for domains that rely on custom DNS (e.g., Tailscale MagicDNS
     // at 100.100.100.100) which is unreachable from inside the Docker container's
     // network namespace. Resolution runs on the host where all DNS resolvers are available.
-    const hostsContent = fs.readFileSync(chrootHostsPath, 'utf-8');
     for (const domain of config.allowedDomains) {
       // Skip patterns that aren't resolvable hostnames
       if (domain.startsWith('*.') || domain.startsWith('.') || domain.includes('*')) continue;
@@ -523,7 +524,7 @@ export function generateDockerCompose(
         const parts = stdout.trim().split(/\s+/);
         const ip = parts[0];
         if (ip) {
-          fs.appendFileSync(chrootHostsPath, `${ip}\t${domain}\n`);
+          hostsContent += `${ip}\t${domain}\n`;
           logger.debug(`Pre-resolved ${domain} -> ${ip} for chroot /etc/hosts`);
         }
       } catch {
@@ -532,7 +533,7 @@ export function generateDockerCompose(
       }
     }
 
-    // Add host.docker.internal when host access is enabled
+    // Add host.docker.internal when host access is enabled.
     // Docker only adds this to the container's /etc/hosts via extra_hosts, but the
     // chroot uses the host's /etc/hosts which lacks this entry. MCP servers need it
     // to connect to the MCP gateway running on the host.
@@ -544,15 +545,18 @@ export function generateDockerCompose(
         ]);
         const hostGatewayIp = stdout.trim();
         if (hostGatewayIp) {
-          fs.appendFileSync(chrootHostsPath, `${hostGatewayIp}\thost.docker.internal\n`);
+          hostsContent += `${hostGatewayIp}\thost.docker.internal\n`;
           logger.debug(`Added host.docker.internal (${hostGatewayIp}) to chroot-hosts`);
         }
       } catch (err) {
         logger.debug(`Could not resolve Docker bridge gateway: ${err}`);
       }
     }
 
-    fs.chmodSync(chrootHostsPath, 0o644);
+    // Write to a securely-created directory (mkdtempSync satisfies CWE-377)
+    const chrootHostsDir = fs.mkdtempSync(path.join(config.workDir, 'chroot-'));
+    const chrootHostsPath = path.join(chrootHostsDir, 'hosts');
+    fs.writeFileSync(chrootHostsPath, hostsContent, { mode: 0o644 });
     agentVolumes.push(`${chrootHostsPath}:/host/etc/hosts:ro`);
 
     // SECURITY: Hide Docker socket to prevent firewall bypass via 'docker run'