Skip to content

[Phase 1.3.2] Fix allow_from to default-deny on empty list #21

Open
Open
[Phase 1.3.2] Fix allow_from to default-deny on empty list#21
@richard-devbot

Description

@richard-devbot
richard-devbot
opened on Mar 29, 2026

Phase

Phase 1 — Critical Security | Track 1.3 — Authentication & Access | Priority: P1 HIGH

Vulnerability Details

Files: Gateway channel implementations (telegram.py, discord.py, slack.py)
CWE: CWE-284 — Improper Access Control

The `allow_from` config has ambiguous semantics. SECURITY.md says empty = deny all, but code may treat it as allow all depending on implementation.

Fix

  • Explicit default-deny: empty `allow_from` = no one allowed
  • Log WARNING when allow_from is empty (likely misconfiguration)
  • Add `"allow_from": ["*"]` syntax for explicit allow-all
  • Consistent behavior across all channel implementations

Acceptance Criteria

  • Empty allow_from blocks all users with WARNING log
  • Explicit `["*"]` required for allow-all
  • Behavior consistent across Telegram, Discord, Slack, Twitch, MQTT
  • Security tests for each channel type
  • Documentation updated

References

  • CWE-284
  • Design Doc: docs/plans/2026-03-29-security-ai-guardrails-performance-design.md

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions