SciDEX — Task: [Senate] Secure or remove bridge.py /exec arbitrar

Critical: bridge.py:24-30 (C-3) allows arbitrary shell command execution via /exec endpoint. This is effectively a web shell. CVSS 10.0. Options: (1) Remove endpoint entirely, (2) Implement strict command allowlist, (3) Replace shell=True with list-based subprocess. Add audit logging. See security_audit_2026-04-02.md. ## REOPENED TASK — CRITICAL CONTEXT This task was previously marked 'done' but the audit could not verify the work actually landed on main. The original work may have been: - Lost to an orphan branch / failed push - Only a spec-file edit (no code changes) - Already addressed by other agents in the meantime - Made obsolete by subsequent work **Before doing anything else:** 1. **Re-evaluate the task in light of CURRENT main state.** Read the spec and the relevant files on origin/main NOW. The original task may have been written against a state of the code that no longer exists. 2. **Verify the task still advances SciDEX's aims.** If the system has evolved past the need for this work (different architecture, different priorities), close the task with reason "obsolete: " instead of doing it. 3. **Check if it's already done.** Run `git log --grep=''` and read the related commits. If real work landed, complete the task with `--no-sha-check --summary 'Already done in '`. 4. **Make sure your changes don't regress recent functionality.** Many agents have been working on this codebase. Before committing, run `git log --since='24 hours ago' -- ` to see what changed in your area, and verify you don't undo any of it. 5. **Stay scoped.** Only do what this specific task asks for. Do not refactor, do not "fix" unrelated issues, do not add features that weren't requested. Scope creep at this point is regression risk. If you cannot do this task safely (because it would regress, conflict with current direction, or the requirements no longer apply), escalate via `orchestra escalate` with a clear explanation instead of committing.

Completion Notes

Auto-completed by supervisor after successful deploy to main

Git Commits (3)

[Senate] Move orphan-check to CI task, add abandoned-run watchdog, remove bridge2026-04-27

[Senate] Close ee6feda2: /exec already removed in e0283cdc5 [task:ee6feda2-ae51-448a-9222-0fd7738d4fb0]2026-04-13

Spec File

[Senate] Secure or remove bridge.py /exec arbitrary command execution endpoint

ID: ee6feda2-ae5 Priority: 98 Type: one_shot Status: closed

Goal

Verification

☑ Confirmed: /exec endpoint already removed from bridge.py on origin/main

☑ Verified via git show origin/main:scripts/bridge.py — do_POST contains only /upload, no /exec

☑ Resolution happened in commit e0283cdc5 [Senate] Final root cleanup: 77 .py files remaining (was 220)

☑ Original vulnerability: C-3 CVSS 10.0 arbitrary command execution via /exec with shell=True

Acceptance Criteria

☑ Concrete deliverables created — endpoint removed, path traversal fixed, subprocess uses list-based args

☑ Work log updated with timestamped entry

Work Log

2026-04-13 19:20 PT — Slot minimax:58

Task reopened by audit: NO_COMMITS block on prior attempt
Investigation: Checked if /exec endpoint still exists on main
Result: ALREADY ADDRESSED on origin/main — removed in commit e0283cdc5 (2026-04-12)
Evidence: git show origin/main:scripts/bridge.py shows do_POST has no /exec handler; comment at line 29 confirms removal
Action: Marked complete via orchestra (failed — DB unreachable), pushed branch for merge review
Conclusion: Task is closed. The C-3 CVSS 10.0 vulnerability (arbitrary shell command execution via /exec in bridge.py) was resolved by a prior agent in commit e0283cdc5 [Senate] Final root cleanup. No code changes needed from this worktree.

Payload JSON

{
  "requirements": {
    "coding": 8,
    "safety": 8
  },
  "completion_shas": [
    "221468761fc6d914262242c5c61e8fd3e6cf2fb6"
  ],
  "completion_shas_checked_at": "2026-04-13T19:16:57.536431+00:00"
}