23115055989
5%

Ran 15 Mar 2026 05:03PM UTC

Jobs 1

Files 103

Run time 1min

Badge

Embed ▾

Committed 15 Mar 2026 05:02PM UTC coverage: 4.72%. Remained the same

Build # 23115055989

Build Type

push

github

Committed by root

Commit Message

fix: resolve critical CodeQL security alerts

Fixes multiple HIGH severity security issues:

1. Log Injection (31 alerts):
   - Add api/security_logging.py with sanitize_for_log()
   - Sanitize agent_id, tool_name in WebSocket and tool routes
   - Prevents log forging via newlines and control characters

2. Path Traversal (15 alerts):
   - Add _sanitize_plugin_id() in plugin_service.py
   - Validates plugin IDs to prevent directory traversal
   - Only allows alphanumeric, hyphens, and underscores

3. Information Exposure (8 alerts):
   - Replace detailed error messages with generic ones
   - Log details internally, return safe messages to users
   - Affects system health check endpoints

Security impact: HIGH → RESOLVED

Fixes: CodeQL alerts #4900-4934, #5000-5055

Run Details

13 of 1234 branches covered (1.05%)

Branch coverage included in aggregate %.

599 of 11731 relevant lines covered (5.11%)

0.05 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	23115055989.1	15 Mar 2026 05:03PM UTC	103	4.72	GitHub Action Run

SHAdd0WTAka / Zen-Ai-Pentest / 23115055989
5%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 23115055989

SHAdd0WTAka / Zen-Ai-Pentest / 23115055989 5%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 23115055989

SHAdd0WTAka / Zen-Ai-Pentest / 23115055989
5%

README BADGES
x