Skip to content

fix: remove report moderation token leak#42

Draft
dduffy-groq wants to merge 1 commit into
mainfrom
h1-3831804-report-token-leak
Draft

fix: remove report moderation token leak#42
dduffy-groq wants to merge 1 commit into
mainfrom
h1-3831804-report-token-leak

Conversation

@dduffy-groq

@dduffy-groq dduffy-groq commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Removes the H1-3831804 /api/report leak of a tokenized moderation URL.
  • Stops trusting caller-supplied rootUrl for moderation/report links.
  • Removes browser GET/query-token authorization from /api/block.
  • Adds a dependency-free regression guard for the confirmed leak path.

Security Rationale

The old report flow was unauthenticated, loaded the app creator IP, built a /block?...&token=... URL with BLOCK_SECRET, sent it to Slack, and returned the same URL to the caller. That exposed a privileged moderation token and a destructive block/delete primitive to the reporter.

This patch keeps report submission working but removes the tokenized moderation URL from the response and stops client/browser code from invoking destructive block actions through a URL.

Internal Context

Checked Slack, Google Drive, and Notion via authenticated fallbacks. No rationale found for preserving caller-controlled rootUrl, URL-carried BLOCK_SECRET, or unauthenticated access to a destructive moderation link.

Notion MCP OAuth/login was completed on 2026-07-02. Browser workspace search found CE-421 / Appgen - add LLM check for user abuse reports to reduce false positives, a P2 Backlog Cloud Engineering item. That supports historical AppGen abuse-report false-positive concerns, but not the token-in-URL moderation behavior.

Evidence: evidence/H1-3831804/internal_context.md

Linear: https://linear.app/groq/issue/SEC-32

Validation

  • git diff --check
  • npm run test:h1-3831804

pnpm lint did not run because local dependencies are not installed (next not found).

Follow-Up

Replace the internal x-block-secret flow with the product's normal admin-authenticated moderation path when that owner/system is available.

@vercel

vercel Bot commented Jun 29, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
groq-appgen Ready Ready Preview Jun 29, 2026 10:36pm

Request Review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Development

Successfully merging this pull request may close these issues.

1 participant