Skip to content

fix: add API key auth gate on all mutating routes via before_request#95

Open
Joshua-Medvinsky wants to merge 1 commit into
themanojdesai:mainfrom
Joshua-Medvinsky:fix/find-006-fail-open-auth
Open

fix: add API key auth gate on all mutating routes via before_request#95
Joshua-Medvinsky wants to merge 1 commit into
themanojdesai:mainfrom
Joshua-Medvinsky:fix/find-006-fail-open-auth

Conversation

@Joshua-Medvinsky

Copy link
Copy Markdown

Summary

The Flask application exposes all endpoints — including message handling (/a2a POST), streaming, task creation/cancellation, and the AgentFlow management API — with no authentication. Any unauthenticated HTTP client can invoke agent logic, create/cancel tasks, spawn subprocesses, and read all agent outputs. The server defaults to binding on 0.0.0.0:5000.

Fix

Add a before_request hook that checks A2A_API_KEY env var on all mutating routes (POST, PUT, DELETE, PATCH). If the key is set, requests must include it as a Bearer token in the Authorization header. If the key is not set, the server operates in open-access dev mode (backwards compatible).

Test Plan

  • With A2A_API_KEY set, unauthenticated POST returns 401
  • With A2A_API_KEY set, authenticated POST with correct Bearer token succeeds
  • Without A2A_API_KEY, all routes work as before (dev mode)
  • GET routes remain unauthenticated (agent card discovery)

Security Note

Severity: High. Fail-open auth on all mutating endpoints allows unauthenticated task execution, agent hijacking, and subprocess spawning.

Signed-off-by: FailSafe Researcher <joshua@getfailsafe.com>
@Joshua-Medvinsky Joshua-Medvinsky force-pushed the fix/find-006-fail-open-auth branch from b7c4ec0 to 2e5c591 Compare June 10, 2026 03:22
@failsafesecurity

Copy link
Copy Markdown

Hi maintainers — friendly follow-up on this security hardening PR. It has been open for a while with no reviewer feedback, so I wanted to resurface it.

Happy to rebase, adjust the approach, add tests, or split the change differently if that would make review easier. Thanks!

@failsafesecurity

Copy link
Copy Markdown

Hi — this security PR has been open for 40 days without maintainer response. Per our responsible disclosure policy, I'll be closing this PR shortly. I may resubmit via a bounty platform if appropriate. Thanks for your time.

@failsafesecurity

Copy link
Copy Markdown

Closing per responsible disclosure policy: 35+ days open with no maintainer response. May resubmit via bounty platform.

@failsafesecurity

Copy link
Copy Markdown

This security fix has been open for 30+ days. Per our responsible disclosure timeline, we'd like to move toward resolution. We can: (1) rebase and adjust the patch, (2) reach out via security@ email, or (3) resubmit via a bounty platform. Please let us know your preference.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants