Actions: untrusted profile can bypass the confirmation + response mis-parse #7
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
From the review. Two issues in the bi-directional action framework:
gui/main.py _run_actiongates the confirmation on the profile-declaredriskfield, andvalidate_actionallows any UDS service ID. A malicious/careless profile can label an ECU-reset/reflash"safe"and it runs with no prompt. Fix: derive effective risk from the actual UDS service IDs the steps send (2F/31/11/14/2E/27/34-37/non-default 10 => force confirmation); allowlist/classify SIDs invalidate_action; gate on max(declared, derived).run_action/_positivetest(sid+0x40)membership ANYWHERE in the bytes, so a negative-response NRC byte0x7Efalse-passes;0x7FNRC not reliably caught;0x78(responsePending) treated as terminal failure. Fix: contiguous7F <sid>reject guard + contiguous positive/expect subsequence match; handle 0x78 pending.