
docs: mark SEC_REVIEW F35 as fixed in d39ab01

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
chiappa, 4 days ago
parent
commit 9b09048f24
1 file changed, 21 additions and 1 deletion
doc/SEC_REVIEW.md

doc/SEC_REVIEW.md: +21 -1

@@ -11,7 +11,7 @@
 >
 > Each finding is referenced as **F<N>** for later citation.
 >
-> **Findings rolled up:** 5 sev-3 (5 fixed, 0 open), 27 sev-2 (27 fixed, 0 open), 42 sev-1 (2 fixed, 40 open).
+> **Findings rolled up:** 5 sev-3 (5 fixed, 0 open), 27 sev-2 (27 fixed, 0 open), 42 sev-1 (3 fixed, 39 open).
 
 ---
 
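Review bot: the sev-1 tally moving from 2 fixed / 40 open to 3 fixed / 39 open is consistent with exactly one sev-1 finding (F35, per the commit message) changing status, and the total of 42 is preserved. Since this roll-up line is maintained by hand, consider stating in the roll-up or the commit message which finding the increment refers to, or regenerating the counts from the per-finding **Status:** lines, so the summary cannot drift from the body over time.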
@@ -1214,6 +1214,26 @@
   weak token. Validate at startup that the token is at least 32 hex
   chars or refuse to boot.
 - **Severity: 1**
+- **Status:** Fixed. New `App\App\Config::validateOrExit()` (mirrors the
+  ui's `App\App\Config::validateOrExit`) runs from `api/public/index.php`
+  before `Container::build()`. It refuses to boot unless
+  `INTERNAL_JOB_TOKEN` matches `^[0-9a-fA-F]{32,}$`, writing a clear
+  human-readable error to STDERR and `exit(1)`-ing so the
+  misconfiguration crashes on `docker compose up` rather than serving
+  `/internal/*` to a docker-network neighbour with a weak shared secret.
+  32 hex chars = 128 bits of entropy; the `.env.example` documents
+  64 (from `openssl rand -hex 32`) and that remains the recommendation.
+  The middleware's own runtime branch
+  (`if ($expectedToken === '') { unauthorized; }`) stays in place as a
+  belt-and-braces defence-in-depth check for tests and for the
+  hypothetical case where a future call site builds the container
+  directly without going through `public/index.php`. Tests bypass the
+  validator (they call `Container::build($settings)` directly with
+  empty values), so the fix doesn't perturb `AppTestCase`. Regression
+  tests in `api/tests/Unit/App/ConfigTest.php` cover empty / missing-
+  key / short-hex / non-hex / 'foo' / 32-char-hex / 64-char-hex /
+  uppercase-hex, and a subprocess test asserts `validateOrExit()`
+  writes the error to STDERR and exits 1.
 
 ### F36 — UI session role/identity is captured at login and never re-validated
 - **Files:** `ui/src/Http/AuthRequiredMiddleware.php:27-32`,
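Review bot: the sentence "32 hex chars = 128 bits of entropy" overstates what `^[0-9a-fA-F]{32,}$` guarantees. The check validates length and character set only, so a token of 32 repeated zeros passes with essentially no entropy; suggest rewording to "a 32-hex-char token carries at most 128 bits" and keeping the `openssl rand -hex 32` recommendation as the actual source of randomness. Two smaller documentation points: the Status line does not cite the fixing commit (d39ab01, named in the commit message), which the F<N> citation scheme in this file would benefit from; and the api and ui validators are both written as `App\App\Config::validateOrExit`, so qualifying each by its tree (api/ vs ui/) would remove the ambiguity for readers following the cross-reference.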