|
@@ -11,7 +11,7 @@
|
|
|
>
|
|
>
|
|
|
> Each finding is referenced as **F<N>** for later citation.
|
|
> Each finding is referenced as **F<N>** for later citation.
|
|
|
>
|
|
>
|
|
|
-> **Findings rolled up:** 5 sev-3 (5 fixed, 0 open), 27 sev-2 (27 fixed, 0 open), 42 sev-1 (2 fixed, 40 open).
|
|
|
|
|
|
|
+> **Findings rolled up:** 5 sev-3 (5 fixed, 0 open), 27 sev-2 (27 fixed, 0 open), 42 sev-1 (3 fixed, 39 open).
|
|
|
|
|
|
|
|
---
|
|
---
|
|
|
|
|
|
|
@@ -1214,6 +1214,26 @@
|
|
|
weak token. Validate at startup that the token is at least 32 hex
|
|
weak token. Validate at startup that the token is at least 32 hex
|
|
|
chars or refuse to boot.
|
|
chars or refuse to boot.
|
|
|
- **Severity: 1**
|
|
- **Severity: 1**
|
|
|
|
|
+- **Status:** Fixed. New `App\App\Config::validateOrExit()` (mirrors the
|
|
|
|
|
+ ui's `App\App\Config::validateOrExit`) runs from `api/public/index.php`
|
|
|
|
|
+ before `Container::build()`. It refuses to boot unless
|
|
|
|
|
+ `INTERNAL_JOB_TOKEN` matches `^[0-9a-fA-F]{32,}$`, writing a clear
|
|
|
|
|
+ human-readable error to STDERR and `exit(1)`-ing so the
|
|
|
|
|
+ misconfiguration crashes on `docker compose up` rather than serving
|
|
|
|
|
+ `/internal/*` to a docker-network neighbour with a weak shared secret.
|
|
|
|
|
+ 32 hex chars = 128 bits of entropy; the `.env.example` documents
|
|
|
|
|
+ 64 (from `openssl rand -hex 32`) and that remains the recommendation.
|
|
|
|
|
+ The middleware's own runtime branch
|
|
|
|
|
+ (`if ($expectedToken === '') { unauthorized; }`) stays in place as a
|
|
|
|
|
+ belt-and-braces defence-in-depth check for tests and for the
|
|
|
|
|
+ hypothetical case where a future call site builds the container
|
|
|
|
|
+ directly without going through `public/index.php`. Tests bypass the
|
|
|
|
|
+ validator (they call `Container::build($settings)` directly with
|
|
|
|
|
+ empty values), so the fix doesn't perturb `AppTestCase`. Regression
|
|
|
|
|
+ tests in `api/tests/Unit/App/ConfigTest.php` cover empty / missing-
|
|
|
|
|
+ key / short-hex / non-hex / 'foo' / 32-char-hex / 64-char-hex /
|
|
|
|
|
+ uppercase-hex, and a subprocess test asserts `validateOrExit()`
|
|
|
|
|
+ writes the error to STDERR and exits 1.
|
|
|
|
|
|
|
|
### F36 — UI session role/identity is captured at login and never re-validated
|
|
### F36 — UI session role/identity is captured at login and never re-validated
|
|
|
- **Files:** `ui/src/Http/AuthRequiredMiddleware.php:27-32`,
|
|
- **Files:** `ui/src/Http/AuthRequiredMiddleware.php:27-32`,
|
chiappa