detections/_docs/05_security/owasp_review.md

OWASP Top 10 Review

Date: 2026-03-31 OWASP Version: 2025 (8th edition) Scope: Full codebase

Assessment

#	Category	Status	Findings
A01	Broken Access Control	FAIL	3
A02	Security Misconfiguration	FAIL	2
A03	Software Supply Chain Failures	FAIL	2
A04	Cryptographic Failures	FAIL	1
A05	Injection	PASS	—
A06	Insecure Design	FAIL	2
A07	Authentication Failures	FAIL	1
A08	Software or Data Integrity Failures	PASS	—
A09	Logging & Alerting Failures	FAIL	1
A10	Mishandling of Exceptional Conditions	FAIL	1

Category Details

A01: Broken Access Control — FAIL

1. No authentication required: All endpoints are publicly accessible. Bearer tokens are optional. Any network-reachable client can trigger inference, access SSE stream, and consume resources.
2. SSE stream leaks cross-user data: /detect/stream broadcasts all detection events to all connected clients regardless of identity. Horizontal privilege escalation — any user sees every other user's results.
3. No authorization on media operations: /detect/{media_id} reads any media file that the annotations service returns a path for. No check that the requesting user owns that media.

A02: Security Misconfiguration — FAIL

1. Docker containers run as root: Both Dockerfile and Dockerfile.gpu do not create or switch to a non-root user. Container compromise gives root filesystem access.
2. No security headers: The FastAPI app does not set standard security headers (X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security, Content-Security-Policy).

A03: Software Supply Chain Failures — FAIL

1. Unpinned dependencies: fastapi, uvicorn[standard], python-multipart are unpinned in requirements.txt. A compromised PyPI upload could be silently pulled during build.
2. Known CVEs in transitive dependencies: h11 (via uvicorn) has CVE-2025-43859 (CRITICAL — HTTP request smuggling); python-multipart has CVE-2026-28356 (HIGH — ReDoS).

A04: Cryptographic Failures — FAIL

1. JWT tokens not cryptographically verified: TokenManager._decode_exp() and decode_user_id() decode JWT payloads via base64 without signature verification. Forged tokens are accepted as valid.

A05: Injection — PASS

No SQL, command injection, XSS, LDAP, or template injection patterns found. JSON deserialization uses json.loads() which is safe. User input does not reach shell commands or query constructors.

A06: Insecure Design — FAIL

1. No rate limiting: Compute-intensive /detect endpoint has no rate limiting. With only 2 ThreadPoolExecutor workers, a small number of requests can exhaust inference capacity.
2. No input size validation: Uploaded files are fully read into memory (await file.read()) without size checks. Memory exhaustion possible with large payloads.

A07: Authentication Failures — FAIL

1. JWT token refresh silently fails: TokenManager._refresh() catches all exceptions and passes silently. Failed refreshes go undetected, potentially allowing expired tokens to be used indefinitely (until the next decode check).

A08: Software or Data Integrity Failures — PASS

No auto-update mechanisms, no CI/CD pipeline in the repo, no unsigned artifact consumption. Model files are loaded from a trusted internal loader service.

A09: Logging & Alerting Failures — FAIL

1. Security events not logged: Authentication failures, token refresh failures, and unauthorized access attempts are silently swallowed (except Exception: pass). No audit trail for security-relevant events.

A10: Mishandling of Exceptional Conditions — FAIL

1. Silent exception swallowing: Multiple except Exception: pass blocks (token refresh, annotation posting) hide failures. The system "fails open" — errors are ignored and processing continues, potentially in an inconsistent security state.