Use crypto-backed workdir IDs #38

Open
Copilot wants to merge 5 commits into main from copilot/fix-predictable-workdir-ids

Conversation

Contributor

Copilot AI commented May 16, 2026

Workdir names were derived from Math.random(), making /tmp/band-exec-* paths predictable to local processes. This could allow pre-created path attacks against per-execution files.

  • ID generation
    • Replaced non-cryptographic random IDs with crypto.randomBytes(8).
    • Produces 16-character hex IDs for workdir suffixes.

```typescript
import { randomBytes } from "crypto";

export function randomId(): string {
  return randomBytes(8).toString("hex");
}
```

  • Server integration
    • Updated band-server to use the crypto-backed helper for execution workdir names.
  • Regression coverage
    • Added unit coverage for ID format and to guard against reintroducing Math.random().

Copilot AI linked an issue May 16, 2026 that may be closed by this pull request
Copilot AI changed the title [WIP] Fix predictable workdir IDs using crypto Use crypto-backed workdir IDs May 16, 2026
Copilot finished work on behalf of mrjf May 16, 2026 14:25
Copilot AI requested a review from mrjf May 16, 2026 14:25
@mrjf mrjf marked this pull request as ready for review May 16, 2026 16:42

Successfully merging this pull request may close these issues.

Workdir IDs use Math.random() — predictable