fix(attachments): cross tenant hardening#5310
Conversation
…ership workflow edits via sockets, ui improvements
…ng improvements, posthog, secrets mutations
…ration, signup method feature flags, SSO improvements
…nts, secrets performance, polling refactors, drag resources in mothership
…y invalidation, HITL docs
…endar triggers, docs updates, integrations/models pages improvements
…ions, jira forms endpoints
…mat, logs performance improvements fix(csp): add missing analytics domains, remove unsafe-eval, fix workspace CSP gap (#4179) fix(landing): return 404 for invalid dynamic route slugs (#4182) improvement(seo): optimize sitemaps, robots.txt, and core web vitals across sim and docs (#4170) fix(gemini): support structured output with tools on Gemini 3 models (#4184) feat(brightdata): add Bright Data integration with 8 tools (#4183) fix(mothership): fix superagent credentials (#4185) fix(logs): close sidebar when selected log disappears from filtered list; cleanup (#4186)
v0.6.46: mothership streaming fixes, brightdata integration
…m integration, atlassian triggers
…nges, code hygiene
…lassian assets and google calendar tools
…d, security fixes
…richment providers, deepseek models, db performance
…nce, file sharing, scheduled tasks granularity
…t harness, sakana fugu provider v0.7.13: pii redaction, react query frontend refactor, pi coding agent harness, sakana fugu provider
…ix, settings overhaul, thrive learning integration
…extension, workspace forking, slack trigger extension, new README
|
The latest updates on your projects. Learn more about Vercel for GitHub. |
PR SummaryHigh Risk Overview Server paths that resolve, download, or presign files now always derive storage context from the key prefix via Logging no longer distinguishes “explicit” vs “inferred” context because only key-based inference is used. Reviewed by Cursor Bugbot for commit 3cc2692. Configure here. |
Greptile SummaryThis PR hardens file attachment context handling across storage reads and provider uploads. The main changes are:
Confidence Score: 4/5This is close, but the download endpoint should be fixed before merging.
apps/sim/app/api/files/download/route.ts Important Files Changed
Reviews (4): Last reviewed commit: "fix" | Re-trigger Greptile |
| } | ||
| // Derive context from the trusted key prefix, mirroring the serve route this URL | ||
| // delegates to, which re-derives context from the key and ignores any client-supplied value. | ||
| const storageContext = inferContextFromKey(key) |
There was a problem hiding this comment.
This endpoint still calls inferContextFromKey(key) directly, even though the request contract still accepts context and isExecutionFile for files whose private storage context cannot be inferred from the key. For a stored legacy file such as legacy/ws/wf/ex/report.pdf with context: 'execution', this throws before access verification or URL creation. The client gets a failed download response instead of a URL for a file that the new trusted-context helper is meant to keep readable.
Summary
Closes a cross-tenant file read where an authenticated user could label a private workspace/… key with a world-readable context (og-images/workspace-logos) to bypass verifyFileAccess and read another tenant’s file. resolveFileInputToUrl, downloadFileFromStorage, the provider attachment path, and files/parse now infer context solely from the key prefix via inferContextFromKey.
Type of Change
Testing
Tested manually
Checklist