azaion/satellite-provider
1
0
Fork 0
mirror of https://github.com/azaion/satellite-provider.git synced 2026-06-21 09:51:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

[AZ-809] F-AZ809-1: cap geofences.polygons at 50 (security audit)

Browse Source 
Closes the cycle-8 Medium DoS finding. Without the cap, an
authenticated caller could submit millions of bbox polygons in a
single 500 MiB request (Kestrel global limit) and saturate the
FluentValidation allocator on the validator hot path; each polygon
is ~90 bytes of JSON, so the body limit is not a useful gate.

Realistic use is 1-10 polygons per route — 50 leaves 5x headroom
while bounding the worst-case allocation.

Layers:
- CreateRouteRequestValidator: MaxPolygons = 50 + Must(...) chained
  before RuleForEach so the count error fires at "geofences.polygons"
  (not the leaf path).
- Unit: Validate_GeofencePolygonsTooMany_FailsCountRule.
- Integration: GeofencePolygonsTooMany_Returns400 (51 valid bbox
  polygons -> HTTP 400 + errors["geofences.polygons"]).
- Contract: route-creation.md -> v1.0.1 patch (tightening an
  existing range). New Inv-10, new geofence-polygons-too-many
  test case, changelog row.
- Test spec: BT-29 sub-case 9b + AZ-809 AC-1b row in the
  traceability matrix.
- Security report: F-AZ809-1 marked RESOLVED in cycle 8; verdict
  remains PASS_WITH_WARNINGS (Lows + carry-overs unchanged).

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-05-23 15:29:10 +03:00
parent ac40a8b352
commit 8fca6e0209
9 changed files with 120 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files
SatelliteProvider.Tests/Validators/CreateRouteRequestValidatorTests.cs
+27
View File
@@ -249,6 +249,33 @@ public class CreateRouteRequestValidatorTests
result.ShouldHaveValidationErrorFor("geofences.polygons");
}
[Fact]
public void Validate_GeofencePolygonsTooMany_FailsCountRule()
{
// Arrange — 51 polygons; cap is 50 (security-audit F-AZ809-1 fix).
// Each polygon is a valid bbox so only the count rule should fire.
var request = ValidRequest();
request.Geofences = new Geofences
{
Polygons = Enumerable
.Range(0, 51)
.Select(_ => new GeofencePolygon
{
NorthWest = new GeoPoint(50.15, 36.05),
SouthEast = new GeoPoint(50.05, 36.15),
})
.ToList(),
};
// Act
var result = _validator.TestValidate(request);
// Assert — OverridePropertyName makes the count rule fire at the
// wire-format path `geofences.polygons` (not the leaf-only `polygons`).
result.ShouldHaveValidationErrorFor("geofences.polygons")
.WithErrorMessage("`geofences.polygons` must contain at most 50 polygons.");
}
[Fact]
public void Validate_CreateTilesZipWithoutRequestMaps_FailsCrossFieldRule()
{