Security hardening: fix critical, high, and medium issues from audit
CRITICAL: - A-001: SQL injection in snapshot — escape single quotes in backup path - A-002: Timing attack — always verify against dummy hash when user not found, preventing username enumeration - A-003: Notebook ownership — all authenticated endpoints now verify user_id before loading notebook data - A-004: Point data bounds — decodePoints returns error on misaligned data, >4MB payloads, and NaN/Inf values HIGH: - A-005: Error messages — generic errors in HTTP responses, no err.Error() - A-006: Share link authz — RevokeShareLink verifies notebook ownership - A-007: Scan errors — return 500 instead of silently continuing MEDIUM: - A-008: Web server TLS — optional TLS support (HTTPS when configured) - A-009: Input validation — page_size, stroke count, point_data alignment checked in SyncNotebook RPC - A-010: Graceful shutdown — 30s drain on SIGINT/SIGTERM, all servers shut down properly Added AUDIT.md with all 17 findings, status, and rationale for accepted risks. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -25,7 +25,10 @@ func TestRenderSVG(t *testing.T) {
|
||||
},
|
||||
}
|
||||
|
||||
svg := RenderSVG("REGULAR", strokes)
|
||||
svg, err := RenderSVG("REGULAR", strokes)
|
||||
if err != nil {
|
||||
t.Fatalf("render: %v", err)
|
||||
}
|
||||
|
||||
if !strings.Contains(svg, "<svg") {
|
||||
t.Fatal("expected SVG element")
|
||||
@@ -51,7 +54,10 @@ func TestRenderSVGDashed(t *testing.T) {
|
||||
},
|
||||
}
|
||||
|
||||
svg := RenderSVG("REGULAR", strokes)
|
||||
svg, err := RenderSVG("REGULAR", strokes)
|
||||
if err != nil {
|
||||
t.Fatalf("render: %v", err)
|
||||
}
|
||||
if !strings.Contains(svg, "stroke-dasharray") {
|
||||
t.Fatal("expected stroke-dasharray for dashed line")
|
||||
}
|
||||
@@ -67,7 +73,10 @@ func TestRenderSVGArrow(t *testing.T) {
|
||||
},
|
||||
}
|
||||
|
||||
svg := RenderSVG("REGULAR", strokes)
|
||||
svg, err := RenderSVG("REGULAR", strokes)
|
||||
if err != nil {
|
||||
t.Fatalf("render: %v", err)
|
||||
}
|
||||
if !strings.Contains(svg, "<line") {
|
||||
t.Fatal("expected arrow head lines")
|
||||
}
|
||||
@@ -111,7 +120,10 @@ func TestRenderPDF(t *testing.T) {
|
||||
},
|
||||
}
|
||||
|
||||
data := RenderPDF("REGULAR", pages)
|
||||
data, err := RenderPDF("REGULAR", pages)
|
||||
if err != nil {
|
||||
t.Fatalf("render: %v", err)
|
||||
}
|
||||
if len(data) == 0 {
|
||||
t.Fatal("expected non-empty PDF")
|
||||
}
|
||||
@@ -130,3 +142,29 @@ func TestPageSizePt(t *testing.T) {
|
||||
t.Fatalf("LARGE: got %v x %v, want 792 x 1224", w, h)
|
||||
}
|
||||
}
|
||||
|
||||
func TestDecodePointsInvalidLength(t *testing.T) {
|
||||
// Not a multiple of 4
|
||||
data := []byte{1, 2, 3}
|
||||
_, err := decodePoints(data)
|
||||
if err == nil {
|
||||
t.Fatal("expected error for non-multiple-of-4 data")
|
||||
}
|
||||
}
|
||||
|
||||
func TestDecodePointsNaN(t *testing.T) {
|
||||
data := make([]byte, 4)
|
||||
binary.LittleEndian.PutUint32(data, math.Float32bits(float32(math.NaN())))
|
||||
_, err := decodePoints(data)
|
||||
if err == nil {
|
||||
t.Fatal("expected error for NaN point data")
|
||||
}
|
||||
}
|
||||
|
||||
func TestDecodePointsOversize(t *testing.T) {
|
||||
data := make([]byte, maxPointDataSize+4)
|
||||
_, err := decodePoints(data)
|
||||
if err == nil {
|
||||
t.Fatal("expected error for oversized point data")
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user