Security audit: Fix critical dependency vulnerabilities and add security controls

Co-authored-by: kingassune <6126851+kingassune@users.noreply.github.com>
2026-02-03 22:08:33 +00:00
parent 9d4c00ac6a
commit 8b4e0a8868
6 changed files with 351 additions and 8 deletions
--- a/nanobot/channels/base.py
+++ b/nanobot/channels/base.py
@@ -3,6 +3,8 @@
 from abc import ABC, abstractmethod
 from typing import Any

+from loguru import logger
+
 from nanobot.bus.events import InboundMessage, OutboundMessage
 from nanobot.bus.queue import MessageBus

@@ -68,9 +70,10 @@ class BaseChannel(ABC):
        """
        allow_list = getattr(self.config, "allow_from", [])
        
-        # If no allow list, allow everyone
+        # Fail-closed: if no allow list is configured, deny access
+        # Users must explicitly configure allowed senders
        if not allow_list:
-            return True
+            return False
        
        sender_str = str(sender_id)
        if sender_str in allow_list:
@@ -102,6 +105,10 @@ class BaseChannel(ABC):
            metadata: Optional channel-specific metadata.
        """
        if not self.is_allowed(sender_id):
+            logger.warning(
+                f"Access denied for sender {sender_id} on channel {self.name}. "
+                f"Add them to allowFrom list in config to grant access."
+            )
            return
        
        msg = InboundMessage(