Skip to content

fix: security and robustness improvements (#116)#122

Open
lishanxiushanxiu wants to merge 1 commit intoagentscope-ai:mainfrom
lishanxiushanxiu:main
Open

fix: security and robustness improvements (#116)#122
lishanxiushanxiu wants to merge 1 commit intoagentscope-ai:mainfrom
lishanxiushanxiu:main

Conversation

@lishanxiushanxiu
Copy link
Copy Markdown

@lishanxiushanxiu lishanxiushanxiu commented Mar 8, 2026

🔒 Security & Robustness Improvements

This PR fixes several security issues and improves code robustness:

Security Fixes

  1. Temporary file permissions (create-worker.sh)

    • Added chmod 600 to restrict MinIO policy file permissions
    • Prevents unauthorized access to sensitive configuration

  2. Hardcoded test passwords (run-all-tests.sh)

    • Replaced testpassword123 with auto-generated secure passwords
    • Uses openssl rand -hex 12 for strong random generation

Robustness Improvements

  1. Cross-platform compatibility (.gitattributes)

    • Added .gitattributes file for consistent LF line endings
    • Prevents CRLF/LF issues across Windows/macOS/Linux

  2. Makefile error handling

    • Added || exit 1 to tag target commands
    • Ensures build fails fast on errors

  3. Timezone detection (hiclaw-install.sh)

    • Added date command fallback for macOS
    • Improved symlink resolution with readlink
    • Better timezone abbreviation mapping

Files Changed

  • manager/agent/skills/worker-management/scripts/create-worker.sh
  • tests/run-all-tests.sh
  • Makefile
  • install/hiclaw-install.sh
  • .gitattributes (new)
  • BUGFIX_REPORT.md (new)

Generated by HiClaw Manager Agent 🤖

fix: security and robustness improvements (alibaba#116)
80745a1 
- Fix temporary file permissions in create-worker.sh (chmod 600)
- Replace hardcoded test passwords with auto-generated secure values
- Add .gitattributes for consistent line endings across platforms
- Improve Makefile error handling with exit codes
- Enhance timezone detection with additional fallback methods

Security improvements:
- Temporary MinIO policy files now have restricted permissions (600)
- Test passwords are now auto-generated using openssl rand

Robustness improvements:
- Makefile tag target now fails fast on docker tag errors
- Timezone detection adds date command fallback for macOS
- Better handling of timezone abbreviation mapping
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Mar 8, 2026
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.

HiClaw Bot seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 8, 2026

📊 CI Metrics Report

ℹ️ No baseline available - This is the first run or baseline data was not found.

Summary

Metric Value
LLM Calls 0
Input Tokens 0
Output Tokens 0

Generated by HiClaw CI on 2026-03-08 14:44:13 UTC

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lishanxiushanxiu @CLAassistant