fix: remediate CodeQL security alerts by santoshkumarradha · Pull Request #361 · Agent-Field/agentfield

santoshkumarradha · 2026-04-07T18:37:59Z

Summary

remove registration-time callback health probing and replace it with syntax-only normalization/selection to eliminate uncontrolled outbound requests from node registration
gate serverless /discover fetches behind a config-backed host allowlist with safe local defaults, redirect blocking, and YAML/env support
replace direct SHA-256 passphrase hashing with a versioned PBKDF2-based encryption format and add focused regression tests
tighten the flagged Python and functional test cases and add explicit least-privilege workflow permissions

CodeQL alerts addressed

Refactor agent testing and improve error handling #1 Workflow does not contain permissions (.github/workflows/docker.yml:19)
Rename Brain product to Haxen #2 Workflow does not contain permissions (.github/workflows/functional-tests.yml:30)
Fix Go SDK module path for proper package importing #3 Workflow does not contain permissions (.github/workflows/docker.yml:40)
Rename project references from Haxen to AgentField #4 Workflow does not contain permissions (.github/workflows/functional-tests.yml:163)
Claude/build install script 011 c uqe6w5 e bj qknd w48f e9 n #5 Incomplete URL substring sanitization (sdk/python/tests/test_agent_networking.py:34)
Fix stub storage CountExecutionVCs #6 Binding a socket to all network interfaces (tests/functional/tests/test_ts_agent.py:23)
Santosh/multimodal object #12 Uncontrolled data used in network request (control-plane/internal/handlers/nodes.go:71)
Add deep research example with planning and research routers #13 Uncontrolled data used in network request (control-plane/internal/handlers/nodes.go:221)
Improve sdk/controlplane test coverage #14 Uncontrolled data used in network request (control-plane/internal/handlers/nodes.go:1299)
Fix VC CLI workflow verification and tests #18 Use of a broken or weak cryptographic hashing algorithm on sensitive data (control-plane/internal/encryption/encryption.go:21)

Validation

cd control-plane && go test ./internal/encryption ./internal/handlers ./internal/server ./cmd/af ./cmd/agentfield-server
cd sdk/python && python3 -m pytest tests/test_agent_networking.py
python3 -m py_compile tests/functional/tests/test_ts_agent.py
git diff --check

github-actions · 2026-04-07T18:39:49Z

Performance

SDK	Memory	Δ	Latency	Δ	Tests	Status
Python	7.9 KB	-13%	0.43 µs	+23%	✓	✓

✓ No regressions detected

fix: remediate CodeQL security alerts

6970014

santoshkumarradha requested review from a team and AbirAbbas as code owners April 7, 2026 18:38

santoshkumarradha merged commit f7f5abc into main Apr 7, 2026
34 checks passed

This was referenced Apr 7, 2026

Chore/UI audit phase1 quick wins #350

Merged

test: add 24 critical-path test files across control plane, SDKs #352

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: remediate CodeQL security alerts#361

fix: remediate CodeQL security alerts#361
santoshkumarradha merged 1 commit intomainfrom
codex/codeql-alert-remediation

santoshkumarradha commented Apr 7, 2026

Uh oh!

github-actions Bot commented Apr 7, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

santoshkumarradha commented Apr 7, 2026

Summary

CodeQL alerts addressed

Validation

Uh oh!

github-actions Bot commented Apr 7, 2026

Performance

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant