
Conversation

@whizzzkid (Contributor)

Part 4 of 8

This is 4/8 of #265

Description of Changes (auto-gen)

  • Add src/doctor/api.rs with run() and list() functions
  • Update src/doctor/check.rs for API integration
  • Update src/doctor/commands/run.rs to use new runner
  • Update src/doctor/mod.rs with new exports
  • Refactor src/doctor/runner.rs for library usage


Co-Authored-By: Claude (global.anthropic.claude-opus-4-5-20251101-v1:0) <noreply@anthropic.com>
@whizzzkid whizzzkid changed the title feat: add public doctor API for programmatic usage feat: add public doctor API for programmatic usage [4 of 8] Jan 29, 2026
@whizzzkid whizzzkid deleted the branch feat/refactor-library-part_3 January 29, 2026 20:17
@whizzzkid whizzzkid closed this Jan 29, 2026
@whizzzkid whizzzkid deleted the feat/refactor-library-part_4 branch January 29, 2026 20:17
@dryrunsecurity

DryRun Security

This pull request introduces insecure temporary file handling in src/doctor/commands/run.rs: the migration code uses a predictable path under world-writable /tmp (/tmp/scope/cache-file.json) without ownership or symlink checks, allowing local attackers to pre-create or replace the file with a symlink and cause arbitrary file reads or, if destination influence is possible, file overwrites.

Insecure Temporary File Handling in src/doctor/commands/run.rs

Vulnerability: Insecure Temporary File Handling

Description: The migration logic in get_cache and migrate_old_cache uses a hardcoded, predictable path in the world-writable /tmp directory (/tmp/scope/cache-file.json) without performing necessary security checks such as ownership verification or symlink detection. Since /tmp is world-writable, any local user can pre-create this directory and file. If an attacker replaces the file with a symbolic link, the tool (running as another user, potentially root) will follow the link and copy the contents of the target file to the new cache location. This leads to arbitrary file read (information disclosure) or, if the attacker can influence the destination path (e.g., via environment variables), arbitrary file overwrite.

```rust
// Excerpt from src/doctor/commands/run.rs as quoted in the finding (fragment; the
// expression on the last line continues in the source file).
let old_default_cache_path = PathBuf::from("/tmp/scope/cache-file.json");
// Handle backward compatibility: migrate from old location to new location
let should_migrate = cache_dir != "/tmp/scope"
```


All finding details can be found in the DryRun Security Dashboard.
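The hardened form of the migration the finding describes, as an added example (not code from this PR or the project): inspect the old cache path with `symlink_metadata` (lstat, never following links), require a regular file owned by the tool's own uid, open it with `O_NOFOLLOW`, and re-validate the opened descriptor so a swap between check and read is caught. The function names, the `MigrateError` type, and the caller-supplied `expected_uid` (the tool's effective uid) are assumptions of this example; the `O_NOFOLLOW` constant is the Linux value from `<fcntl.h>`, hard-coded here to avoid a dependency on the `libc` crate.

```rust
// Added example, not the PR's code: hardened cache migration that refuses to
// follow symlinks, verifies ownership, and closes the check-then-use race.
use std::fs;
use std::io::{self, Read};
use std::os::unix::fs::{MetadataExt, OpenOptionsExt};
use std::path::Path;

/// Linux O_NOFOLLOW value from <fcntl.h> (assumed constant, no libc crate).
const O_NOFOLLOW: i32 = 0o400000;

#[derive(Debug, PartialEq)]
pub enum MigrateError {
    /// The old path is a symlink; a local user could point it at any file.
    IsSymlink,
    /// Directory, FIFO, device, ... : never copy those as a cache.
    NotRegularFile,
    /// Someone else pre-created the file in the world-writable directory.
    WrongOwner { expected: u32, found: u32 },
    Io(String),
}

fn io_err(e: io::Error) -> MigrateError {
    MigrateError::Io(e.to_string())
}

/// Shared policy: plain file, not a symlink, owned by `expected_uid`.
fn validate(meta: &fs::Metadata, expected_uid: u32) -> Result<(), MigrateError> {
    if meta.file_type().is_symlink() {
        return Err(MigrateError::IsSymlink);
    }
    if !meta.is_file() {
        return Err(MigrateError::NotRegularFile);
    }
    if meta.uid() != expected_uid {
        return Err(MigrateError::WrongOwner { expected: expected_uid, found: meta.uid() });
    }
    Ok(())
}

/// Pre-check the old cache path without following symlinks (lstat semantics).
pub fn check_old_cache(old: &Path, expected_uid: u32) -> Result<(), MigrateError> {
    let meta = fs::symlink_metadata(old).map_err(io_err)?;
    validate(&meta, expected_uid)
}

/// Copy the old cache to `new` only if it passes the checks.
/// Ok(true) = migrated, Ok(false) = nothing to migrate.
pub fn migrate_cache(old: &Path, new: &Path, expected_uid: u32) -> Result<bool, MigrateError> {
    match fs::symlink_metadata(old) {
        Err(e) if e.kind() == io::ErrorKind::NotFound => return Ok(false),
        Err(e) => return Err(io_err(e)),
        Ok(meta) => validate(&meta, expected_uid)?,
    }
    // O_NOFOLLOW: the kernel refuses to open a symlink even if one appeared
    // after the lstat above.
    let mut file = fs::OpenOptions::new()
        .read(true)
        .custom_flags(O_NOFOLLOW)
        .open(old)
        .map_err(io_err)?;
    // Re-validate the opened descriptor (fstat): this is what we actually read.
    validate(&file.metadata().map_err(io_err)?, expected_uid)?;
    let mut contents = Vec::new();
    file.read_to_end(&mut contents).map_err(io_err)?;
    if let Some(parent) = new.parent() {
        fs::create_dir_all(parent).map_err(io_err)?;
    }
    fs::write(new, &contents).map_err(io_err)?;
    Ok(true)
}

fn main() {
    // Constructed demo paths; the old location mirrors the one in the finding.
    let old = Path::new("/tmp/scope/cache-file.json");
    let new = std::env::temp_dir().join("doctor-demo").join("cache-file.json");
    // In a real tool the expected uid would be the process's effective uid.
    let me = fs::metadata(std::env::temp_dir()).map(|m| m.uid()).unwrap_or(0);
    println!("{:?}", migrate_cache(old, &new, me));
}
```

The decisive detail is the second `validate` on `file.metadata()`: the first check looks at a path, which another local user can re-point between the check and the open; the second looks at the descriptor the bytes are actually read from, and `O_NOFOLLOW` makes the open itself fail if the path has become a symlink in between.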
