StingNing 944abe0a6c fix(security): recognize localized Windows SYSTEM account in ACL audit (#29698) ... * fix(security): recognize localized Windows SYSTEM account in ACL audit On non-English Windows (e.g. French "AUTORITE NT\Système"), the security audit falsely reports fs.config.perms_writable because the localized SYSTEM account name is not recognized as trusted. Changes: - Add common localized SYSTEM principal names (French, German, Spanish, Portuguese) to TRUSTED_BASE - Add diacritics-stripping fallback in classifyPrincipal for unhandled locales - Use well-known SID *S-1-5-18 in icacls reset commands instead of hardcoded "SYSTEM" string for locale independence Fixes #29681 * style: format windows acl files --------- Co-authored-by: Tak Hoffman <781889+Takhoffman@users.noreply.github.com>		2026-03-02 08:38:56 -06:00
..
audit-channel.ts	refactor(security): enforce account-scoped pairing APIs	2026-02-26 21:57:52 +01:00
audit-extra.async.ts	fix(sandbox): use one-time noVNC observer tokens	2026-02-21 13:56:58 +01:00
audit-extra.sync.test.ts	perf(test): fold secret equality assertions into audit extra suite	2026-02-16 00:18:27 +00:00
audit-extra.sync.ts	fix(security): clarify denyCommands exact-match guidance	2026-02-26 00:55:35 +01:00
audit-extra.ts	feat(security): warn on likely multi-user trust-model mismatch	2026-02-24 14:03:19 +00:00
audit-fs.ts	Doctor/Security: fix telegram numeric ID + symlink config permission warnings (#19844)	2026-02-18 00:09:51 -08:00
audit-tool-policy.ts	refactor(core): dedupe tool policy and IPv4 matcher logic	2026-02-16 16:14:54 +00:00
audit.test.ts	test(perf): stub docker probes in filesystem audit cases	2026-03-02 12:18:27 +00:00
audit.ts	security(feishu): bind doc create grants to trusted requester context (#31184)	2026-03-01 20:51:45 -06:00
channel-metadata.ts	fix(security): separate untrusted channel metadata from system prompt (thanks @KonstantinMirin)	2026-02-03 23:02:45 -08:00
dangerous-config-flags.ts	feat(gateway)!: require explicit non-loopback control-ui origins	2026-02-24 01:57:11 +00:00
dangerous-tools.ts	Deny cron tool on /tools/invoke by default	2026-02-24 04:33:50 +00:00
dm-policy-channel-smoke.test.ts	refactor: unify dm policy store reads and reason codes	2026-02-26 17:47:57 +01:00
dm-policy-shared.test.ts	refactor(security): enforce account-scoped pairing APIs	2026-02-26 21:57:52 +01:00
dm-policy-shared.ts	refactor: dedupe runtime and helper flows	2026-03-02 12:55:47 +00:00
external-content.test.ts	fix(security): harden spoofed system marker handling	2026-03-02 06:19:16 +00:00
external-content.ts	fix(security): harden spoofed system marker handling	2026-03-02 06:19:16 +00:00
fix.test.ts	refactor(core): dedupe shared config and runtime helpers	2026-02-16 14:59:30 +00:00
fix.ts	refactor(security): enforce account-scoped pairing APIs	2026-02-26 21:57:52 +01:00
mutable-allowlist-detectors.ts	refactor(security): unify dangerous name matching handling	2026-02-24 01:33:08 +00:00
safe-regex.test.ts	fix(security): harden regex compilation for filters and redaction	2026-02-23 23:54:50 +00:00
safe-regex.ts	fix(security): harden regex compilation for filters and redaction	2026-02-23 23:54:50 +00:00
scan-paths.ts	fix(security): enforce plugin and hook path containment	2026-02-19 15:37:29 +01:00
secret-equal.ts	fix(security): SHA-256 hash before timingSafeEqual to prevent length leak (#20856)	2026-02-19 03:16:35 -08:00
skill-scanner.test.ts	security: add skill/plugin code safety scanner (#9806)	2026-02-05 16:06:11 -08:00
skill-scanner.ts	refactor(security): reuse shared scan path containment helper	2026-02-19 00:20:15 +00:00
temp-path-guard.test.ts	test(perf): simplify temp-path guard scan loop	2026-03-02 11:59:24 +00:00
windows-acl.test.ts	fix(security): recognize localized Windows SYSTEM account in ACL audit (#29698)	2026-03-02 08:38:56 -06:00
windows-acl.ts	fix(security): recognize localized Windows SYSTEM account in ACL audit (#29698)	2026-03-02 08:38:56 -06:00