kyle/eng-pad-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security hardening: fix critical, high, and medium issues from audit

Browse Source 
CRITICAL:
- A-001: SQL injection in snapshot — escape single quotes in backup path
- A-002: Timing attack — always verify against dummy hash when user not
  found, preventing username enumeration
- A-003: Notebook ownership — all authenticated endpoints now verify
  user_id before loading notebook data
- A-004: Point data bounds — decodePoints returns error on misaligned
  data, >4MB payloads, and NaN/Inf values

HIGH:
- A-005: Error messages — generic errors in HTTP responses, no err.Error()
- A-006: Share link authz — RevokeShareLink verifies notebook ownership
- A-007: Scan errors — return 500 instead of silently continuing

MEDIUM:
- A-008: Web server TLS — optional TLS support (HTTPS when configured)
- A-009: Input validation — page_size, stroke count, point_data alignment
  checked in SyncNotebook RPC
- A-010: Graceful shutdown — 30s drain on SIGINT/SIGTERM, all servers
  shut down properly

Added AUDIT.md with all 17 findings, status, and rationale for
accepted risks.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Kyle Isom
2026-03-24 20:16:26 -07:00
parent 51dd5a6ca3
commit ea9375b6ae
13 changed files with 478 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
internal/grpcserver/sync.go
View File

@@ -17,12 +17,33 @@ type SyncService struct {
BaseURL string
}
const maxTotalStrokes = 100000
func (s *SyncService) SyncNotebook(ctx context.Context, req *pb.SyncNotebookRequest) (*pb.SyncNotebookResponse, error) {
userID, ok := UserIDFromContext(ctx)
if !ok {
return nil, status.Error(codes.Internal, "missing user context")
}
// Validate page_size
if req.PageSize != "REGULAR" && req.PageSize != "LARGE" {
return nil, status.Errorf(codes.InvalidArgument, "invalid page_size: must be REGULAR or LARGE")
}
// Validate total stroke count and point_data alignment
totalStrokes := 0
for _, page := range req.Pages {
totalStrokes += len(page.Strokes)
if totalStrokes > maxTotalStrokes {
return nil, status.Errorf(codes.InvalidArgument, "total stroke count exceeds maximum of %d", maxTotalStrokes)
}
for _, stroke := range page.Strokes {
if len(stroke.PointData)%4 != 0 {
return nil, status.Errorf(codes.InvalidArgument, "point_data length must be a multiple of 4")
}
}
}
tx, err := s.DB.BeginTx(ctx, nil)
if err != nil {
return nil, status.Errorf(codes.Internal, "begin tx: %v", err)