docs: update repository audit report after re-audit
This commit is contained in:
@@ -6,51 +6,52 @@ This document contains a comprehensive audit of the dumpsterChat repository, hig
|
|||||||
|
|
||||||
## 1. Security Vulnerabilities & Bypasses
|
## 1. Security Vulnerabilities & Bypasses
|
||||||
|
|
||||||
### 🚨 Plaintext Webhook Tokens Stored in Database (Task 8 Regression/Incomplete) ✅ RESOLVED
|
### 🚨 Plaintext Webhook Tokens Stored in Database ✅ RESOLVED
|
||||||
* **Location:** [internal/db/db.go](file:///opt/dumpsterChat/internal/db/db.go#L171-L191), [internal/webhook/handlers.go](file:///opt/dumpsterChat/internal/webhook/handlers.go#L145-L151)
|
* **Location:** [internal/db/db.go](file:///opt/dumpsterChat/internal/db/db.go#L189), [internal/webhook/handlers.go](file:///opt/dumpsterChat/internal/webhook/handlers.go#L143-L151)
|
||||||
* **Fix:** DROP COLUMN migration added, INSERT no longer stores plaintext `token`.
|
* **Fix:** Plaintext token column has been dropped via DDL migration (`ALTER TABLE webhooks DROP COLUMN IF EXISTS token;`), and webhook creation no longer stores plaintext tokens in the database.
|
||||||
|
|
||||||
### 🚨 Message and Channel Access Bypasses Role Permissions & Overrides
|
### 🚨 Message and Channel Access Bypasses Role Permissions & Overrides
|
||||||
* **Location:** [internal/message/handlers.go](file:///opt/dumpsterChat/internal/message/handlers.go#L671-L692), [internal/channel/handlers.go](file:///opt/dumpsterChat/internal/channel/handlers.go#L165-L187)
|
* **Location:** [internal/message/handlers.go](file:///opt/dumpsterChat/internal/message/handlers.go#L663-L686), [internal/channel/handlers.go](file:///opt/dumpsterChat/internal/channel/handlers.go#L165-L187)
|
||||||
* **Description:** Access to channel reading, message listing, and message posting is checked solely via server membership (`members` table). Role permissions (like `VIEW_CHANNEL` or `SEND_MESSAGES`) and channel-level overrides (`channel_overrides` table) are completely ignored.
|
* **Description:** Access to channel reading, message listing, and message posting is checked solely via server membership (`members` table). Role permissions (like `VIEW_CHANNEL` or `SEND_MESSAGES`) and channel-level overrides (`channel_overrides` table) are completely ignored.
|
||||||
* **Impact:** Any user who is a member of a server can read, search, and post messages in *any* channel on that server (including private, forum, calendar, or documentation channels), completely bypassing the permissions configuration system.
|
* **Impact:** Any user who is a member of a server can read, search, and post messages in *any* channel on that server (including private, forum, calendar, or documentation channels), completely bypassing the permissions configuration system.
|
||||||
* **Remediation:** Update `requireChannelAccess` in `message.Handler` to use `permissions.Checker` to verify channel permission overrides and server roles.
|
* **Remediation:** Update `requireChannelAccess` in `message.Handler` to use `permissions.Checker` to verify channel permission overrides and server roles.
|
||||||
|
|
||||||
### ⚠️ WebAuthn Session Cookie SameSite Laxity ✅ RESOLVED
|
### ⚠️ WebAuthn Session Cookie SameSite Laxity ✅ RESOLVED
|
||||||
* **Location:** [internal/auth/cookie.go](file:///opt/dumpsterChat/internal/auth/cookie.go#L20)
|
* **Location:** [internal/auth/cookie.go](file:///opt/dumpsterChat/internal/auth/cookie.go#L17)
|
||||||
* **Fix:** Changed to `http.SameSiteStrictMode`.
|
* **Fix:** Changed SameSite configuration to `http.SameSiteStrictMode`.
|
||||||
|
|
||||||
### ⚠️ WebAuthn Session Cookie Secure Flag Relies on Env Var ✅ RESOLVED
|
### ⚠️ WebAuthn Session Cookie Secure Flag Relies on Env Var ✅ RESOLVED
|
||||||
* **Location:** [internal/auth/cookie.go](file:///opt/dumpsterChat/internal/auth/cookie.go#L12-L19)
|
* **Location:** [internal/auth/cookie.go](file:///opt/dumpsterChat/internal/auth/cookie.go#L12)
|
||||||
* **Fix:** Default `secure` to `true` unless `COOKIE_SECURE=false` explicitly set.
|
* **Fix:** Default `secure` is now set to `true` unless `COOKIE_SECURE=false` is explicitly set in environment variables.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 2. Functional Bugs & Defects
|
## 2. Functional Bugs & Defects
|
||||||
|
|
||||||
### 🐛 User Avatar Cannot Be Changed ✅ RESOLVED
|
### 🐛 User Avatar Cannot Be Changed (Backend fixed, Frontend still broken) ⚠️ PARTIALLY RESOLVED
|
||||||
* **Location:** [internal/auth/handlers.go](file:///opt/dumpsterChat/internal/auth/handlers.go#L212-L225)
|
* **Location:** [internal/auth/handlers.go](file:///opt/dumpsterChat/internal/auth/handlers.go#L210-L220), [web/src/components/UserSettings.tsx](file:///opt/dumpsterChat/web/src/components/UserSettings.tsx#L73-L84)
|
||||||
* **Fix:** Added `AvatarURL` to `updateProfileRequest`, wired into SQL UPDATE for `avatar` column.
|
* **Status:** The backend has been successfully updated to accept `AvatarURL` in the PATCH request. However, the frontend avatar upload code is still broken: it uploads the file to `/api/v1/upload` but does not parse the response URL, nor does it call the profile update endpoint to save the returned URL.
|
||||||
|
* **Remediation:** Update `handleAvatarUpload` in `UserSettings.tsx` to read the returned JSON URL and send a PATCH request via `updateProfile` containing the `avatar_url`.
|
||||||
|
|
||||||
### 🐛 TUI Client Auth Failure Fallback Bug ✅ RESOLVED
|
### 🐛 TUI Client Auth Failure Fallback Bug ✅ RESOLVED
|
||||||
* **Location:** [cmd/tui/auth.go](file:///opt/dumpsterChat/cmd/tui/auth.go#L28)
|
* **Location:** [cmd/tui/auth.go](file:///opt/dumpsterChat/cmd/tui/auth.go#L21-L36)
|
||||||
* **Fix:** Fallback reads into password variable instead of overwriting email.
|
* **Fix:** Correctly handles password input via fallback `pwLine` scanner without overwriting the user's email address.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 3. Dead Code
|
## 3. Dead Code
|
||||||
|
|
||||||
### 🗑️ Unused `ComputeChannelPermissions` ✅ RESOLVED
|
### 🗑️ Unused `ComputeChannelPermissions` ✅ RESOLVED
|
||||||
* **Location:** [internal/permissions/overrides.go](file:///opt/dumpsterChat/internal/permissions/overrides.go#L10)
|
* **Location:** [internal/permissions/overrides.go](file:///opt/dumpsterChat/internal/permissions/overrides.go)
|
||||||
* **Fix:** Removed the unused function.
|
* **Fix:** Unused function removed from the package.
|
||||||
|
|
||||||
### 🗑️ Duplicated Permission Verification
|
### 🗑️ Duplicated Permission Verification
|
||||||
* **Location:** [internal/message/handlers.go](file:///opt/dumpsterChat/internal/message/handlers.go#L136-L164)
|
* **Location:** [internal/message/handlers.go](file:///opt/dumpsterChat/internal/message/handlers.go#L129-L158)
|
||||||
* **Description:** The `checkPermission` method in `message.Handler` duplicates role checking queries instead of using the `permissions.Checker` struct.
|
* **Description:** The `checkPermission` method in `message.Handler` duplicates role checking queries instead of using the `permissions.Checker` struct.
|
||||||
|
|
||||||
### 🗑️ Obsolete Handler Type ✅ RESOLVED
|
### 🗑️ Obsolete Handler Type ✅ RESOLVED
|
||||||
* **Location:** [internal/message/handlers.go](file:///opt/dumpsterChat/internal/message/handlers.go#L31-L35)
|
* **Location:** [internal/message/handlers.go](file:///opt/dumpsterChat/internal/message/handlers.go)
|
||||||
* **Fix:** Removed `Handler_old`.
|
* **Fix:** Removed obsolete `Handler_old` struct definition.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
@@ -62,4 +63,4 @@ This document contains a comprehensive audit of the dumpsterChat repository, hig
|
|||||||
|
|
||||||
### 🔑 Hardcoded Valkey Password Placeholder ✅ RESOLVED
|
### 🔑 Hardcoded Valkey Password Placeholder ✅ RESOLVED
|
||||||
* **Location:** [internal/config/config.go](file:///opt/dumpsterChat/internal/config/config.go#L111)
|
* **Location:** [internal/config/config.go](file:///opt/dumpsterChat/internal/config/config.go#L111)
|
||||||
* **Fix:** Default fallback set to `redis://localhost:6379`.
|
* **Fix:** Default fallback URL set to `redis://localhost:6379`.
|
||||||
|
|||||||
Reference in New Issue
Block a user