security: fail-closed on Twilio webhook auth + drop x-post unpinned auto-install#2000
security: fail-closed on Twilio webhook auth + drop x-post unpinned auto-install#2000john-the-dev wants to merge 2 commits into
Conversation
**Finding sonichi#2 (agent-api.py):** `validate_twilio_signature` returned True when TWILIO_AUTH_TOKEN was unset, accepting all unauthenticated Twilio webhooks and allowing arbitrary task injection via /twilio/* endpoints. Changed to return False — fail closed — with a 4-test regression suite. **Finding sonichi#5 (skills/x-twitter/x-post.py):** `_require_requests` ran `pip3 install --break-system-packages` as an import side-effect, exposing the install to supply-chain attacks on unpinned packages. Replaced with a clear diagnostic `sys.exit` telling the operator to install the deps explicitly. Both findings confirmed in workspace/notes/security-audit-source-2026-07-06.md. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01QB3qZQrwponfum2JFNvHeh
Coverage Gate✅ Diff coverage PASSES the 95% bar. Whole-tree (informational): 35%. Diff CoverageDiff: origin/main...HEAD, staged and unstaged changes
Summary
|
x-post.py no longer auto-installs requests/requests-oauthlib (removed in the previous commit to eliminate the supply-chain risk from unpinned pip installs). Document the one-time install step in SKILL.md so operators know what to run before first use. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01QB3qZQrwponfum2JFNvHeh
|
@cla-assistant check |
qingyun-wu
left a comment
There was a problem hiding this comment.
Cold-reviewed — no code defects found.
Twilio fail-closed (src/agent-api.py) — correct. Returning False when TWILIO_AUTH_TOKEN is unset closes the accept-all hole; the 4 regression tests cover no-token / empty-token / missing-sig / wrong-sig. ✅
x-post auto-install drop (skills/x-twitter/x-post.py) — correct hardening; dropping the unpinned --break-system-packages install removes a host-mutation/supply-chain risk. Verified sys is imported (line 21), so the new sys.exit(...) path exits cleanly rather than raising NameError. ✅
Two non-blocking notes:
- Operational (before merge): this is a behavior change — any environment running Twilio voice/webhooks without
TWILIO_AUTH_TOKENset will now reject all webhooks. Correct posture, but confirm the token is set in the target.envor phone webhooks stop working. (The docstring already flags this.) - Scope: two concerns in one PR (Twilio auth + x-post install). Both from the same 07-06 audit and small, so not worth splitting — just noting per single-concern-per-PR.
No blockers from me; recommend merge after confirming (1). Merge stays your call.
|
Automated mergeability review (2026-07-09) Signal: NOT MERGEABLE Current blocker(s):
This is a conservative backlog triage signal. After the blockers are cleared, please rerun checks and request a focused review. |
Summary
Two confirmed security findings from
workspace/notes/security-audit-source-2026-07-06.md:Finding #2 — Twilio webhook auth fails open (MEDIUM)
validate_twilio_signatureinsrc/agent-api.pyreturnedTruewhenTWILIO_AUTH_TOKENwas unset:An unauthenticated HTTP POST to
/twilio/voice,/twilio/sms, or/twilio/transcriptionwould create a task in the agent without any Twilio signature check. Widened byAGENT_API_BIND=0.0.0.0(LAN exposure).Fix: return
False— the endpoint requiresTWILIO_AUTH_TOKENto be configured. Adds a 4-test regression suite (tests/agent-api-twilio-auth.test.py).Finding #5 — x-post unpinned pip auto-install (LOW-MED)
skills/x-twitter/x-post.pyranpip3 install --break-system-packages requests requests-oauthlibas an import side-effect when the packages were missing. Unpinned installs are vulnerable to supply-chain attacks (typosquatting, compromised packages).--break-system-packagesoverrides OS protection.Fix: Replace auto-install with
sys.exit()printing clear install instructions. Operator installs deps once; the skill never self-modifies the environment.Test plan
python3 tests/agent-api-twilio-auth.test.py— all 4 tests passTWILIO_AUTH_TOKENin.env(was required before; now enforced at the code level too)🤖 Generated with Claude Code
https://claude.ai/code/session_01QB3qZQrwponfum2JFNvHeh