fix: restrict anchor_entity_id to trusted findings; re-vendor wardline taint golden#80
Merged
tachyon-beep merged 2 commits intoJun 29, 2026
Conversation
…etadata validate_plugin_finding passed all plugin metadata through verbatim and overwrote only anchor_file_path. The host-reserved anchor_entity_id key — consumed by the cli's host_finding_anchor_id, taken verbatim as findings.entity_id and FK-enforced at insert — was NOT protected: a plugin-reported finding could set it to override the trusted file anchor. A nonexistent id hard-failed the whole analyze run on the findings FK; an existing id silently mis-associated the finding. Strip anchor_entity_id at the plugin boundary (symmetric with the host-overwritten anchor_file_path). The legitimate producer — the host's duplicate-locator finding (clarion-48af930f2a) — builds its HostFinding directly and bypasses this path, so it is unaffected. Tests: - unit: the reserved key is stripped, anchor_file_path is still injected, and other plugin metadata is preserved. - e2e regression: a new opt-in fixture-plugin switch (LOOMWEAVE_FIXTURE_FINDING_FORGED_ANCHOR) emits a finding with a forged anchor_entity_id; the run completes and the finding falls back to a real anchor. Reverting the strip reproduces the FOREIGN KEY constraint hard-fail. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The Layer-2 drift recheck in wardline_taint_fact_conformance_oracle reds when the sibling Wardline repo is present at the default /home/john/wardline: the vendored golden's svc.leaky finding fingerprint (9a291cac) was stale. The committed Wardline authority advanced it to 242d8565 (via merge 808e4978 on release/consolidation-2026-06-26); only that one field differs. Re-vendor the golden byte-identical (cmp clean) and recompute the Layer-1 byte-pin GOLDEN_BLAKE3. This fixes the real drift rather than weakening the recheck to opt-in. Both the sibling-present (5/5) and skip-clean (CI absent) paths pass. Provenance: the authority is Wardline's release/consolidation-2026-06-26 branch; if that branch re-stamps the fingerprint before landing, Layer-2 will red again — that is the recheck working as designed. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This was referenced Jun 29, 2026
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Addresses two P2 review findings.
1. Restrict
anchor_entity_idto trusted findings (trust boundary)validate_plugin_findingcopied all plugin metadata through verbatim and overwrote onlyanchor_file_path. The host-reservedanchor_entity_idkey — consumed by the cli'shost_finding_anchor_id, taken verbatim asfindings.entity_idand FK-enforced at insert — was not protected. A plugin-reported finding could therefore set it to override the trusted file anchor:Fix: strip the host-reserved
anchor_entity_idat the plugin boundary (symmetric with the already host-overwrittenanchor_file_path). The only legitimate producer — the host's duplicate-locator finding (clarion-48af930f2a) — builds itsHostFindingdirectly and bypasses this path, so it is unaffected. No subcode-gate at the consumer (avoids fragile cross-crate string-coupling).Tests:
host_validate.rs): reserved key stripped,anchor_file_pathstill injected, other plugin metadata preserved.analyze_hardening.rs) via a new opt-in fixture-plugin switch: a plugin emits a forgedanchor_entity_id; the run completes and the finding falls back to a real anchor. Reverting the strip reproduces the exactFOREIGN KEY constraint failedrun hard-fail.2. Re-vendor the Wardline taint golden
The Layer-2 drift recheck in
wardline_taint_fact_conformance_oraclereds when the sibling Wardline repo is present: the vendored golden'ssvc.leakyfinding fingerprint (9a291cac) was stale. The committed Wardline authority advanced it to242d8565(via merge808e4978onrelease/consolidation-2026-06-26); only that one field differs.Fix: re-vendor the golden byte-identical (
cmpclean) and recompute the Layer-1 byte-pinGOLDEN_BLAKE3. This fixes the real drift rather than weakening the recheck to opt-in. Both sibling-present (5/5) and skip-clean (CI absent) paths pass.Verification
Full CI floor green locally:
fmt,clippy -D warnings,build,nextest(1977 passed, 2 skipped, run withWARDLINE_REPOset),doc -D warnings,deny check.🤖 Generated with Claude Code