soft-serve Verification

SMT2 formal verification of security-critical code paths

Overall: ALL VERIFIED
Properties Checked: 1
Verified: 1
Failed: 0

Import Remote Must Be Validated As Network Endpoint

VERIFIED

Function: ImportRepository · Z3 solved in 0.2ms

CVE-2026-33353 class: repository import must validate attacker-controlled REMOTE as a true network endpoint before git.Clone. This catches sibling variants where destination authorization exists but source remote validation is skipped, enabling local-path cloning of server-local private repositories.

SMT2 Constraints
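; benchmark generated from python API
(set-info :status unknown)
(declare-fun import_remote_validated () Int)
; The two bounds below together pin import_remote_validated to exactly 1.
(assert
 (<= import_remote_validated 1))
(assert
 (>= import_remote_validated 1))
; Negated property: ask the solver for a model where the value is not 1.
(assert
 (and (distinct import_remote_validated 1) true))
; No such model exists, so check-sat returns unsat (no counterexample).
(check-sat)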

Last verified: 2026-03-26 06:05:19 UTC · Solver: Z3 4.16.0