Conversation
- Updated Makefile to include new targets for building Linux binaries (amd64 and arm64) and added a build-rpm target for creating RPM packages. - Introduced GitHub Actions workflow for building Linux packages, including steps for downloading artifacts, verifying binaries, and building RPMs. - Added RPM packaging scripts and service files to facilitate installation and management of the SafeChain Ultimate application on Linux systems. - Implemented uninstall script for proper cleanup of installed files and services.
![aikido-pr-checks[bot]](https://avatars.githubusercontent.com/in/898896?s=60&v=4){kind=small}
| fi | ||
|
|
||
| BUILD_DIR="$(mktemp -d)" | ||
| trap "rm -rf '$BUILD_DIR'" EXIT |
There was a problem hiding this comment.
EXIT trap uses rm -rf '$BUILD_DIR', so $BUILD_DIR won’t expand and cleanup targets a literal directory name, leaving the temp build directory behind.
Details
✨ AI Reasoning
The script creates a temporary directory and sets an EXIT trap intended to delete it. However, the trap command wraps the variable in single quotes, which stops the shell from expanding it when the trap executes. That makes the cleanup command operate on the literal string instead of the actual temporary path, so the temporary build directory will not be removed as intended.
🔧 How do I fix it?
Trace execution paths carefully. Ensure precondition checks happen before using values, validate ranges before checking impossible conditions, and don't check for states that the code has already ruled out.
Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
Show Fix
Remediation - low confidence
This patch mitigates the logic bug on line 87 by replacing single quotes with escaped double quotes around $BUILD_DIR in the trap command, ensuring the variable expands correctly and the temporary build directory is properly cleaned up on exit.
| trap "rm -rf '$BUILD_DIR'" EXIT | |
| trap "rm -rf \"$BUILD_DIR\"" EXIT |
- Introduced platform_linux.go to implement Linux-specific functionality for SafeChain Ultimate. - Added methods for managing system proxy settings using gsettings, including setting, unsetting, and checking proxy configurations. - Implemented certificate installation and uninstallation for proxy CA management. - Enhanced logging setup and configuration initialization for Linux environments. - Established a structure for service management and user context retrieval on Linux systems.
| return scriptPath, nil | ||
| } | ||
|
|
||
| func InstallSafeChain(ctx context.Context, repoURL, version string) error { |
There was a problem hiding this comment.
Downloads and executes a remote shell script (downloadSafeChainShellScript -> InstallSafeChain). Avoid fetching and executing scripts at runtime; use packaged installers or embed vetted installers instead.
Details
✨ AI Reasoning
The change introduces code that downloads a shell script from a remote release URL and executes it locally. This performs dynamic retrieval and execution of remote code (downloadSafeChainShellScript -> InstallSafeChain -> RunAsCurrentUser calling 'sh'), which can execute arbitrary instructions delivered by the remote source. Even if the download is 'verified' by a helper, executing shell scripts from network sources significantly increases risk and obscures runtime behavior. This harms transparency and can be used to hide malicious payloads.
🔧 How do I fix it?
Ensure code is transparent and not intentionally obfuscated. Avoid hiding functionality from code review. Focus on intent and deception, not specific patterns.
Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
| return nil | ||
| } | ||
|
|
||
| func UninstallSafeChain(ctx context.Context, repoURL, version string) error { |
There was a problem hiding this comment.
Downloads and executes a remote uninstall script (downloadSafeChainShellScript -> UninstallSafeChain). Avoid runtime execution of remote scripts; prefer verified local packages or signed artifacts.
Details
✨ AI Reasoning
The change adds UninstallSafeChain which downloads an uninstall shell script from a remote release URL and executes it with 'sh'. Like the install path, this dynamically executes remotely fetched code, making runtime behavior dependent on external content and increasing risk of concealed or malicious actions.
🔧 How do I fix it?
Ensure code is transparent and not intentionally obfuscated. Avoid hiding functionality from code review. Focus on intent and deception, not specific patterns.
Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
| certFileName = "aikidosafechain.crt" | ||
| ) | ||
|
|
||
| func initConfig() error { |
There was a problem hiding this comment.
platform_linux.go mixes proxy config, certificate management, service/user execution, and installer download/execute. Split into smaller modules (proxy, cert, service/privilege, installer) to isolate responsibilities.
Details
✨ AI Reasoning
This file adds many distinct responsibilities into a single platform component: managing system proxy settings (gsettings and environment files), handling CA certificate install/uninstall and calling update-ca-certificates, user/service execution and privilege switching, and downloading+executing install/uninstall scripts. Combining these unrelated platform concerns increases maintenance burden and testing complexity, and makes reuse harder. Each responsibility (proxy config, certificate management, service/user execution, and installer orchestration) is independently useful and should be factored into separate modules.
🔧 How do I fix it?
Split classes that handle database, HTTP, and UI concerns into separate, focused classes.
Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
| return os.Stdout, nil | ||
| } | ||
|
|
||
| func getGsettingsProxy(ctx context.Context) (string, error) { |
There was a problem hiding this comment.
getGsettingsProxy duplicates logic found in getGsettingsAutoConfigURL; consolidate into a single helper that accepts the gsettings key.
Details
✨ AI Reasoning
Two newly added functions perform the same sequence: run a gsettings command, capture Output(), check error, and trim quotes/spaces from the output. Both return a string and an error, and differ only in the gsettings key passed. This repeats identical business logic (invoke gsettings and parse output) that a single helper could handle, so future fixes/behavior changes would need updates in multiple places.
🔧 How do I fix it?
Delete extra code. Extract repeated code sequences into reusable functions or methods. Use loops or data structures to eliminate repetitive patterns.
Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
- Updated Makefile to add new targets for building DEB and APK packages from RPM files, specifically for Linux environments. - Modified GitHub Actions workflow to install necessary packaging tools and automate the conversion of RPM to DEB and APK formats. - Introduced a new build-apk.sh script to handle the conversion process for Alpine packages. - Cleaned up unused interface definitions in platform files to streamline the codebase.
packaging/rpm/build-apk.sh
Outdated
|
|
||
| SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" | ||
| RPM_FILE="$(cd "$(dirname "$RPM_FILE")" && pwd)/$(basename "$RPM_FILE")" | ||
| OUTPUT_DIR="$(mkdir -p "$OUTPUT_DIR" && cd "$OUTPUT_DIR" && pwd)" |
There was a problem hiding this comment.
OUTPUT_DIR assignment runs multiple filesystem commands in a single command-substitution; split commands to separate steps for clarity.
Details
✨ AI Reasoning
The assignment to OUTPUT_DIR executes mkdir -p, cd, and pwd inside a command substitution on a single line. This bundles multiple filesystem-modifying commands and directory changes into one expression, increasing cognitive load when reading and reasoning about side effects.
🔧 How do I fix it?
Break long lines to enhance clarity. Aim for a maximum of 80-120 characters per line, depending on the context and coding standards.
Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
tudor-timcu
changed the title
- Updated the GitHub Actions workflow to include a step for installing necessary Linux GUI dependencies, enhancing the build process for Linux environments. - This addition ensures that required libraries are available for GUI-related functionalities during the build.
- Updated the Makefile to utilize fpm for converting RPM packages to Alpine APK format, simplifying the build process. - Modified the GitHub Actions workflow to reflect the new conversion method and included the installation of fpm as a dependency. - Removed the outdated build-apk.sh script, streamlining the packaging process.
…vironment - Introduced Dockerfiles and configuration files for Alpine, CentOS, Debian, and Ubuntu to facilitate a consistent development environment across different Linux distributions. - Updated the Makefile to include dependencies for building RPM packages, enhancing the build process for Linux environments. - Each Dockerfile installs necessary tools and libraries, including fpm and Rust, to support the packaging and development workflow.
- Added new targets in the Makefile for installing and uninstalling RPM, DEB, and APK packages, improving the build process for Linux environments. - Updated RPM spec file and uninstall scripts to handle service management more robustly, ensuring proper installation and uninstallation procedures. - Modified Dockerfile to include procps-ng for enhanced process management capabilities.
- Introduced ClearProxyKeyring function to invalidate the proxy keyring entry, enhancing security by ensuring sensitive keys are properly managed. - Updated UninstallProxyCA function to call ClearProxyKeyring, ensuring the keyring is cleared during the uninstallation process. - Improved error handling and logging for keyring operations, providing better visibility into the uninstallation workflow.
| output, err := exec.CommandContext(ctx, "keyctl", "search", "@s", "user", keyDescription).Output() | ||
| if err != nil { | ||
| return nil |
There was a problem hiding this comment.
ClearProxyKeyring ignores errors from keyctl search (returns nil on exec error). Return or propagate the error instead of silently treating it as success so callers can detect failures.
Details
✨ AI Reasoning
The ClearProxyKeyring function intentionally swallows an error from exec.CommandContext(..."keyctl"...).Output() and returns nil, effectively treating a failed key search as success. This bypass can hide failures in keyring operations and makes error conditions unrecoverable or invisible to callers. Ignoring the command error changes observable behavior and can lead to incomplete cleanup. The change introduces a short-circuited failure handling path where upstream callers cannot distinguish search failures from 'no key found'.
🔧 How do I fix it?
Remove debugging statements like console.log, debugger, dd(), or logic bypasses like || true. Keep legitimate logging for monitoring and error handling.
Reply @AikidoSec feedback: [FEEDBACK] to get better review comments in the future.
Reply @AikidoSec ignore: [REASON] to ignore this issue.
More info
Show Fix
Remediation - low confidence
This patch mitigates the error suppression bypass in ClearProxyKeyring by replacing the silent nil return on keyctl search failure with proper error propagation, allowing callers to detect and handle keyring operation failures.
| output, err := exec.CommandContext(ctx, "keyctl", "search", "@s", "user", keyDescription).Output() | |
| if err != nil { | |
| return nil | |
| output, err := exec.CommandContext(ctx, "keyctl", "search", "@s", "user", keyDescription).Output() | |
| return fmt.Errorf("failed to search for keyring entry %s: %v", keyDescription, err) |
- Added Node.js, npm, and Python3 pip to the installation lists in Dockerfiles for Alpine, CentOS, Debian, and Ubuntu, enhancing the development environment with additional package management capabilities. - This update ensures that necessary tools for JavaScript and Python development are readily available in the containerized environments.
| } | ||
|
|
||
| log.Printf("Setting system PAC to %q via gsettings\n", pacURL) | ||
| if err := exec.CommandContext(ctx, "gsettings", "set", "org.gnome.system.proxy", "autoconfig-url", pacURL).Run(); err != nil { |
There was a problem hiding this comment.
Possible command injection via shell script - high severity
Your code spawns a subprocess via a shell script. User input could be abused to inject extra commands.
Remediation: This issue can be mitigated or ignored if you verified or sanitized the user input used in the shell command.
View details in Aikido Security
| if err := os.MkdirAll(certDir, 0755); err != nil { | ||
| return fmt.Errorf("failed to create certificate directory: %v", err) | ||
| } | ||
| input, err := os.ReadFile(certPath) |
There was a problem hiding this comment.
Potential file inclusion attack via reading file - high severity
If an attacker can control the input leading into the ReadFile function, they might be able to read sensitive files and launch further attacks with that information.
Show Fix
Remediation - medium confidence
This patch mitigates potential file inclusion attacks by implementing input validation for the ReadFile function.
| input, err := os.ReadFile(certPath) | |
| if strings.Contains(certPath, "../") || strings.Contains(certPath, "..\\") { | |
| return fmt.Errorf("invalid file path") | |
| } | |
| input, err := os.ReadFile(certPath) |
| cd alien && perl Makefile.PL && make && make install && \ | ||
| cd / && rm -rf /tmp/alien* | ||
|
|
||
| RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y |
There was a problem hiding this comment.
Binary, code or archive is pulled from a remote source without integrity verification - medium severity
A Docker container was built using an artifact from a remote source without any integrity verification. If the remote artifact were silently replaced with a malicious version (for example, through a supply chain attack), the integrity and confidentiality of the environment in which the container is deployed could be compromised.
Remediation: Validate the artifact against a trusted SHA-512 checksum in the CI/CD pipeline using sha512sum in check mode. Store the expected checksum in a file (e.g., artifact.sha512), then verify it with: sha512sum -c artifact.sha512. Enable strict error handling (for example, set -e in shell scripts) so the pipeline fails if verification fails or outputs errors.
View details in Aikido Security
| cd alien && perl Makefile.PL && make && make install && \ | ||
| cd / && rm -rf /tmp/alien* | ||
|
|
||
| RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y |
There was a problem hiding this comment.
Binary, code or archive is pulled from a remote source without integrity verification - medium severity
A Docker container was built using an artifact from a remote source without any integrity verification. If the remote artifact were silently replaced with a malicious version (for example, through a supply chain attack), the integrity and confidentiality of the environment in which the container is deployed could be compromised.
Remediation: Validate the artifact against a trusted SHA-512 checksum in the CI/CD pipeline using sha512sum in check mode. Store the expected checksum in a file (e.g., artifact.sha512), then verify it with: sha512sum -c artifact.sha512. Enable strict error handling (for example, set -e in shell scripts) so the pipeline fails if verification fails or outputs errors.
View details in Aikido Security
| && gem install fpm --no-document \ | ||
| && rm -rf /var/lib/apt/lists/* | ||
|
|
||
| RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y |
There was a problem hiding this comment.
Binary, code or archive is pulled from a remote source without integrity verification - medium severity
A Docker container was built using an artifact from a remote source without any integrity verification. If the remote artifact were silently replaced with a malicious version (for example, through a supply chain attack), the integrity and confidentiality of the environment in which the container is deployed could be compromised.
Remediation: Validate the artifact against a trusted SHA-512 checksum in the CI/CD pipeline using sha512sum in check mode. Store the expected checksum in a file (e.g., artifact.sha512), then verify it with: sha512sum -c artifact.sha512. Enable strict error handling (for example, set -e in shell scripts) so the pipeline fails if verification fails or outputs errors.
View details in Aikido Security
| && gem install fpm --no-document \ | ||
| && rm -rf /var/lib/apt/lists/* | ||
|
|
||
| RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y |
There was a problem hiding this comment.
Binary, code or archive is pulled from a remote source without integrity verification - medium severity
A Docker container was built using an artifact from a remote source without any integrity verification. If the remote artifact were silently replaced with a malicious version (for example, through a supply chain attack), the integrity and confidentiality of the environment in which the container is deployed could be compromised.
Remediation: Validate the artifact against a trusted SHA-512 checksum in the CI/CD pipeline using sha512sum in check mode. Store the expected checksum in a file (e.g., artifact.sha512), then verify it with: sha512sum -c artifact.sha512. Enable strict error handling (for example, set -e in shell scripts) so the pipeline fails if verification fails or outputs errors.
View details in Aikido Security
| return nil | ||
| } | ||
|
|
||
| if err := exec.CommandContext(ctx, "keyctl", "invalidate", keyID).Run(); err != nil { |
There was a problem hiding this comment.
Possible command injection via shell script - medium severity
Your code spawns a subprocess via a shell script. User input could be abused to inject extra commands.
Remediation: This issue can be mitigated or ignored if you verified or sanitized the user input used in the shell command.
View details in Aikido Security
1 participant
Summary by Aikido
🚀 New Features
⚡ Enhancements
More info