Oleksandr Bezdieniezhnykh
5214a4a647
[AZ-487] [AZ-488] security: cycle 2 delta audit (PASS_WITH_WARNINGS)
Step 14 (Security Audit) for cycle 2 — delta scan against the cycle-1
baseline. Verdict remains PASS_WITH_WARNINGS; no Critical/High.
Scope: JWT auth boundary (AZ-487) and UAV multipart upload + ImageSharp
decode of attacker-controlled bytes (AZ-488). Both new packages
(JwtBearer 8.0.21, ImageSharp 3.1.11 in Services.TileDownloader)
checked.
Cycle-2 delta:
* 0 Critical / 0 High
* 2 Medium: F-AUTH-2 (iss/aud not validated — by design until admin
team publishes values, AZ-487 § Constraints), F-UAV-1 (ImageSharp
decode now runs on attacker-controlled bytes — mitigations
sufficient; pin to GHSA subscribe-and-bump policy).
* 4 Low: F-AUTH-1 (DEV-ONLY secret in appsettings.Development.json —
accepted), F-AUTH-3 (rate-limit gap extends to 401 floods — folds
into cycle-1 I3), F-UAV-2 (JsonDocument.Parse on signature-validated
claims — bounded by Kestrel header cap), D3 (JwtBearer shares D1
patch line).
* 1 Informational: F-UAV-3 (reject reasons disclose gate structure —
accepted UX trade-off; documented in contract).
OWASP refresh: A01 / A07 move from N/A (with caveat) to
PASS_WITH_WARNINGS (per-tenant authz absent; iss/aud + revocation
gaps tracked).
Pre-deploy operational gate added: deploy pipeline must verify
JWT_SECRET != DEV-ONLY placeholder before promoting api.
Artifacts: dependency_scan.md, static_analysis.md, owasp_review.md,
infrastructure_review.md, security_report.md — all appended with a
"Cycle 2 Delta" section preserving cycle-1 finding IDs.
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-12 00:13:58 +03:00
Oleksandr Bezdieniezhnykh
51b572108a
[AZ-484] Cycle 1 Steps 12-16: docs, security, perf, deploy report
ci/woodpecker/push/01-test Pipeline was successful
ci/woodpecker/push/02-build-push Pipeline was successful
Captures the post-implementation autodev gates for AZ-484 multi-source
tile storage:
- Step 12 (Test-Spec Sync): added 7 AC rows (AZ-484 AC-1..AC-7) and a
PT-07 NFR row to traceability-matrix.md; added PT-07 scenario to
performance-tests.md.
- Step 13 (Update Docs): refreshed data_model.md (tiles columns +
indexes + selection rule + UPSERT contract + migrations 012/013),
module-layout.md (Common/Enums section with L-001 guidance,
DataAccess imports-from now lists 6 sites), 6 module / component
docs to reflect the new repo signatures, source/captured_at fields,
and Dapper enum bypass workaround. ripple_log_cycle1.md records
zero out-of-scope ripple.
- Step 14 (Security Audit): PASS_WITH_WARNINGS - 0 Critical, 0 High,
5 Medium, 5 Low. AZ-484 itself added zero new findings. Hardening
items (Postgres default creds, .env in build context, GMaps key
rotation, ASP.NET Core 8.0.21 -> 8.0.25, rate limiter) recorded
for separate tickets.
- Step 15 (Performance Test): all PT-01..PT-07 scenarios Unverified
(non-blocking); PT-07 baseline-comparison harness deferred to a
leftover for next cycle.
- Step 16 (Deploy): cycle deploy report covering migration safety,
rollback path, post-deploy verification, security caveats.
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-11 10:03:05 +03:00