[Security] Harden the AI/LLM client — block cleartext egress, enforce TLS verification, add timeouts #145

Open
opened 2026-07-03 10:26:46 +00:00 by jabber.developer2 · 0 comments
Collaborator

Part of #144. Decision legend: M must-do, C could-do, W won't-do (this cycle); investigate = verify the problem is real / scope it before implementing.

Subtasks & findings

T01 — AI/LLM provider egress: reject http:// + TLS-verify + timeouts

Owner: Dev1 (AI) · Decision: M · Effort: ~0.5–1d · Investigate: investigate EXT-01 reachability first

Shared curl setopt sites; merges CIS-08.

  • REQ-EXT-01 (critical · m (investigate)) — AI/LLM client accepts http:// provider URLs — cleartext API key + conversation egress (merges REQ-CIS-08)
    • Evidence: cmd_funcs.c:7019; ai_client.c:388,811-815,1596-1601
    • Fix: Reject non-https at provider-add (cmd_ai_set) and in ai_add_provider; set CURLOPT_SSL_VERIFYPEER=1L/VERIFYHOST=2L at both curl sites; flip test_ai.c:85-95 to assert reject (shares curl sites with REQ-EXT-03)
    • Maps to: NIST PR.DS-02/PR.PS-01; ISO A.5.14/A.8.24/A.8.27; CIS 15.4
  • REQ-EXT-03 (medium · m) — AI curl handle has no CURLOPT_CONNECTTIMEOUT; no cap/stall test
    • Evidence: ai_client.c:815,1601
    • Fix: Add CURLOPT_CONNECTTIMEOUT at both sites; add stall/connect-timeout + over-cap tests vs mock (shares curl sites with REQ-EXT-01)
    • Maps to: NIST PR.IR-03/ID.RA-09; ISO A.8.6/A.8.16
  • REQ-CIS-08 (high) — folded into REQ-EXT-01 (same fix). No enforced TLS/integrity baseline toward external providers + no provider-classification doc

Checklist

T01 — AI/LLM provider egress: reject http:// + TLS-verify + timeouts

  • REQ-EXT-01 · critical · M · investigate — AI/LLM client accepts http:// provider URLs — cleartext API key + conversation egress (merges REQ-CIS-08)
  • REQ-EXT-03 · medium · M — AI curl handle has no CURLOPT_CONNECTTIMEOUT; no cap/stall test
  • REQ-CIS-08 — folded into REQ-EXT-01 (no separate work)

Notes

  • Investigate first (verify/scope before implementing): REQ-EXT-01.
  • Folded duplicates (counted once): REQ-CIS-08→REQ-EXT-01.
Part of #144. Decision legend: **M** must-do, **C** could-do, **W** won't-do (this cycle); *investigate* = verify the problem is real / scope it before implementing. ## Subtasks & findings ### T01 — AI/LLM provider egress: reject http:// + TLS-verify + timeouts _Owner:_ Dev1 (AI) · _Decision:_ M · _Effort:_ ~0.5–1d · _Investigate:_ investigate EXT-01 reachability first Shared curl setopt sites; merges CIS-08. - **REQ-EXT-01** (critical · _m (investigate)_) — AI/LLM client accepts http:// provider URLs — cleartext API key + conversation egress (merges REQ-CIS-08) - Evidence: `cmd_funcs.c:7019; ai_client.c:388,811-815,1596-1601` - Fix: Reject non-https at provider-add (cmd_ai_set) and in ai_add_provider; set CURLOPT_SSL_VERIFYPEER=1L/VERIFYHOST=2L at both curl sites; flip test_ai.c:85-95 to assert reject (shares curl sites with REQ-EXT-03) - Maps to: NIST PR.DS-02/PR.PS-01; ISO A.5.14/A.8.24/A.8.27; CIS 15.4 - **REQ-EXT-03** (medium · _m_) — AI curl handle has no CURLOPT_CONNECTTIMEOUT; no cap/stall test - Evidence: `ai_client.c:815,1601` - Fix: Add CURLOPT_CONNECTTIMEOUT at both sites; add stall/connect-timeout + over-cap tests vs mock (shares curl sites with REQ-EXT-01) - Maps to: NIST PR.IR-03/ID.RA-09; ISO A.8.6/A.8.16 - **REQ-CIS-08** (high) — folded into **REQ-EXT-01** (same fix). No enforced TLS/integrity baseline toward external providers + no provider-classification doc ## Checklist **T01 — AI/LLM provider egress: reject http:// + TLS-verify + timeouts** - [ ] **REQ-EXT-01** · critical · M · investigate — AI/LLM client accepts http:// provider URLs — cleartext API key + conversation egress (merges REQ-CIS-08) - [ ] **REQ-EXT-03** · medium · M — AI curl handle has no CURLOPT_CONNECTTIMEOUT; no cap/stall test - [ ] **REQ-CIS-08** — folded into REQ-EXT-01 (no separate work) ## Notes - **Investigate first** (verify/scope before implementing): REQ-EXT-01. - **Folded duplicates** (counted once): REQ-CIS-08→REQ-EXT-01.
jabber.developer added the
Kind/Security
Priority
Medium
3
labels 2026-07-03 10:32:13 +00:00
jabber.developer added this to the Plans (2025-2026) project 2026-07-03 10:32:19 +00:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: devs/cproof#145
No description provided.