security: fix critical vulnerabilities (issues #2 and #3)
Deploy Dashboard (Dev) / deploy-dev (push) Failing after 55s
Run Tests / Backend Tests (push) Successful in 2m2s
Run Tests / Test Summary (push) Failing after 12s
Run Tests / Frontend Tests (push) Failing after 2m4s

Issue #2: Unprotected Chat Summary Trigger (CRITICAL)
- Add authentication and admin authorization to /trigger endpoint
- Add path validation to prevent directory traversal
- Block access to system directories (/etc, /root, /sys, /proc, /boot)
- Add tests for unauthorized access and invalid paths

Issue #3: Exception Information Disclosure (HIGH)
- Replace raw exception messages with generic errors
- Log full exception details server-side with logger.exception()
- Affected files: auth.py, files.py, passkey.py, opc_agents.py
- Prevents information leakage about system architecture

Security Impact:
- Prevents unauthenticated file system writes
- Reduces reconnaissance opportunities for attackers
- Maintains security while preserving debugging capability

Tests: 214 passing, all security tests verified
This commit is contained in:
Gan, Jimmy
2026-04-08 00:57:14 +08:00
parent 24969d0d3e
commit dac163d88c
6 changed files with 63 additions and 13 deletions
+6 -2
View File
@@ -1,6 +1,7 @@
"""WebAuthn Passkey authentication endpoints."""
import json
import logging
import time
from datetime import timedelta
@@ -22,6 +23,7 @@ import config
router = APIRouter()
limiter = Limiter(key_func=get_remote_address)
logger = logging.getLogger(__name__)
# In-memory challenge store with TTL
_challenges = {}
@@ -83,7 +85,8 @@ async def passkey_register_verify(request: Request, current_user=Depends(auth.ge
expected_origin=config.WEBAUTHN_ORIGINS,
)
except Exception as e:
raise HTTPException(status_code=400, detail=str(e))
logger.exception("Passkey registration verification failed")
raise HTTPException(status_code=400, detail="Invalid passkey registration")
auth.save_passkey_credential(
{
@@ -137,7 +140,8 @@ async def passkey_login_verify(request: Request, response: Response):
credential_current_sign_count=matched["sign_count"],
)
except Exception as e:
raise HTTPException(status_code=400, detail=str(e))
logger.exception("Passkey authentication verification failed")
raise HTTPException(status_code=400, detail="Invalid passkey authentication")
# Update sign count
matched["sign_count"] = verification.new_sign_count