azaion/satellite-provider
1
0
Fork 0
mirror of https://github.com/azaion/satellite-provider.git synced 2026-06-26 08:11:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7ed780b0634eda3d8092f0c3e76cd865fde0fafb
satellite-provider/_docs/05_security/static_analysis_cycle9.md
T
Oleksandr Bezdieniezhnykh 7ed780b063
ci/woodpecker/push/01-test Pipeline failed
Details
ci/woodpecker/push/02-build-push unknown status
Details
[AZ-1074] [AZ-1075] Cycle 9 closeout: security, tests, metrics 
Resolve F-AZ1074-1/2 (collection caps, generic gRPC internal errors).
Standalone integration compose stack, docs, security audit, perf and retro.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-25 17:32:14 +03:00

49 lines
3.2 KiB
Markdown
Raw Blame History

# Static Analysis (Cycle 9)
**Date**: 2026-06-25
**Mode**: Delta scan
**Scope**: AZ-1074 + AZ-1075 gRPC surface. Cycle-8 baseline remains authoritative for REST validators.
**Files in scope**:
- `SatelliteProvider.Api/Grpc/RouteTileDeliveryGrpcService.cs` (new)
- `SatelliteProvider.Api/Program.cs` (`AddGrpc`, `MapGrpcService`, message size limits)
- `SatelliteProvider.Services.RouteManagement/TileProvision/RouteTileDeliveryOrchestrator.cs` (validation hardening)
- `SatelliteProvider.GrpcContracts/tile_provision.proto` + generated stubs
- `SatelliteProvider.IntegrationTests/RouteTileDeliveryGrpcTests.cs`, `GrpcTestHelpers.cs`
- `SatelliteProvider.IntegrationTests/Dockerfile` (linux/amd64, aspnet runtime)
- `docker-compose.tests.yml` (self-contained test stack)
**Method**: End-to-end read of new files; grep for hardcoded secrets; trace auth middleware order; compare gRPC validation bounds vs REST `CreateRouteRequestValidator`.
## Findings
### F-AZ1074-1 — Unbounded gRPC request collections enable authenticated DoS (Medium / A04) — **RESOLVED in cycle 9 (Step-14 follow-up)**
- **Location**: `RouteTileDeliveryOrchestrator.ValidateJob` (pre-fix).
- **Description**: `DeliverRouteTiles` accepted unbounded `waypoints`, `geofences`, and `client_tiles` protobuf repeated fields. REST `POST /api/satellite/route` caps `points` at 500 and `geofences.polygons` at 50 (cycle-8 F-AZ809-1 fix); gRPC had no equivalent caps before cycle 9 Step 14.
- **Impact**: Medium. Auth-gated (`[Authorize]` on `RouteTileDeliveryGrpcService`; JWT metadata required). Authenticated operator could force large CPU/memory work in `RouteTileExpander.Expand` and `ClientTileCatalog.IndexByZxy`.
- **Resolution**: Added `MaxWaypoints = 500`, `MaxGeofencePolygons = 50`, `MaxClientTiles = 5000` (inventory cap parity) to `ValidateJob`. Unit test `DeliverAsync_TooManyWaypoints_Throws` added.
### F-AZ1074-2 — Internal exception message echoed to gRPC client (Low / A09) — **RESOLVED in cycle 9 (Step-14 follow-up)**
- **Location**: `RouteTileDeliveryGrpcService.cs:55-58` (pre-fix).
- **Description**: Generic `catch (Exception)` wrote `ex.Message` into stream `DeliveryError.Message` — parallel to cycle-7 F-AZ795-1 (REST ProblemDetails path).
- **Impact**: Low. Auth-gated. Could leak internal exception text to authenticated clients.
- **Resolution**: Client message replaced with generic `"An internal error occurred."`; full exception still logged server-side.
## Pass areas (cycle-9 delta)
| Area | Result |
|------|--------|
| SQL injection | N/A — no new raw SQL |
| Hardcoded secrets | None in new files |
| gRPC auth | `[Authorize]` + `UseAuthentication`/`UseAuthorization` before `MapGrpcService` |
| JWT on gRPC | Integration tests pass Bearer token via metadata — matches REST contract |
| Message size limits | `MaxReceiveMessageSize = 16 MiB`, `MaxSendMessageSize = 64 MiB` configured |
| Protobuf parsing | Bounded by Kestrel/gRPC message limits; collection caps added post-audit |
| Test fixtures | `GrpcTestHelpers` uses env-resolved JWT via `JwtTestHelpers.MintAuthenticated` — no embedded secrets |
## Verdict
**PASS_WITH_WARNINGS** at audit time (1 Medium open → **resolved in Step-14 follow-up**). Post-fix delta: **PASS** for cycle-9 new code.
Reference in New Issue View Git Blame Copy Permalink