satellite-provider/_docs/05_security/infrastructure_review_cycle7.md
Oleksandr Bezdieniezhnykh bc04ba7f99 [AZ-794] [AZ-795] [AZ-796] Cycle 7 Steps 12-15 sync (test-spec / docs / security / perf)
Step 12 (Test-Spec Sync): adds BT-27 for the AZ-796 9-rule
validation surface and 12 cycle-7 AC rows + Coverage Summary
update to traceability-matrix.md.

Step 13 (Update Docs): module-layout + module docs for the new
SatelliteProvider.Api/Validators namespace + GlobalExceptionHandler
+ updated TileInventory DTO; tests_unit + tests_integration
document the new InventoryRequestValidatorTests (16 unit tests
covering all 9 rules) + TileInventoryValidationTests (16
integration tests) + ProblemDetailsAssertions support;
glossary entries for Validation Problem Details / FluentValidation
/ Unmapped Member Handling; system-flows F8 (Tile Inventory Bulk
Lookup) expanded with deserializer + validator gates and a 13-row
Validation Surface table; data_parameters § Tile Inventory
documents the v2 input schema + constraints; ripple_log_cycle7
captures the doc-side ripple decisions.

Step 14 (Security Audit): 5-phase audit ran; verdict
PASS_WITH_WARNINGS (3 Low findings — D-AZ795-1 FluentValidation
12.0.0 -> 12.1.1 recommended bump, F-AZ795-1 JsonException.Message
leak in 400 detail, F-AZ795-2 BadHttpRequestException.Message leak).
No Critical / High; auth runs before validation (confirmed in
Program.cs); two NuGet additions (FluentValidation 12.0.0 +
.DependencyInjectionExtensions 12.0.0) both CVE-clean. Per-phase
reports plus consolidated security_report_cycle7.md.

Step 15 (Performance Test): docker compose stack used for perf
run, scripts/run-performance-tests.sh exited 0 with 8/8 scenarios
PASS (second consecutive clean exit-0); added PT-09 cycle-7 smoke
probe (v2 z/x/y schema, 2500-tile all-miss batch) measuring
min=27ms median=44ms p95=73ms max=86ms (13.7x under AZ-505 AC-4
1000ms budget). PT-07/08 improvements traced to the cycle-6 TLS
handshake-overhead identification, not application-side change.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-22 11:24:27 +03:00


Infrastructure & Configuration Review (Cycle 7)

  • Date: 2026-05-22
  • Mode: Delta scan
  • Scope: Cycle-7 changes to deployment configs, CI/CD files, and shell scripts only.

Cycle-7 Infrastructure-Layer Diff

Computed via git log --since=2026-05-19 -- Dockerfile* docker-compose* .woodpecker.yml .github/** scripts/** against the cycle-7 commit (865dfdb):

| File | Diff | Security relevance |
| --- | --- | --- |
| docker-compose.yml | Host port for Postgres moved 5432:5432 -> 5433:5432. Container-internal port unchanged. | Local-dev only; the host port move avoids a sibling-project conflict. Does not affect production (production runs containers on a private docker network without host-port mapping per the existing deployment model). No exposure change. |
| scripts/probe_inventory_validation.sh | NEW manual probe script. | Reviewed in static_analysis_cycle7.md Test Code Review § scripts/probe_inventory_validation.sh. No embedded credentials; fails fast under set -o errexit -o pipefail -o nounset. curl --insecure used and justified for the dev self-signed cert. ✓ |

No changes to:

  • Dockerfile, Dockerfile.tests, Dockerfile.api, or any image-build file.
  • docker-compose.tests.yml, docker-compose.prod.yml, or any orchestration file other than the one host-port edit above.
  • .woodpecker.yml, .github/workflows/**, or any CI/CD pipeline definition.
  • scripts/run-tests.sh, scripts/run-performance-tests.sh, or any other harness shell script.
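As an added example (not the cycle-7 review's own script and not a file from the satellite-provider repo), the snippet below re-runs the three checks the review records above, host-port exposure in compose files, fail-fast shell options and embedded credentials, against constructed sample files; the sample file contents, the API_BASE_URL variable and the request path are assumptions.

```shell
# Added example: reproduces the review's infrastructure checks offline
# against constructed sample files (none of these are the project's real files).
set -eu

WORKDIR="$(mktemp -d)"
trap 'rm -rf "$WORKDIR"' EXIT

# Constructed local-dev compose: Postgres published on host port 5433.
cat >"$WORKDIR/docker-compose.yml" <<'EOF'
services:
  postgres:
    image: postgres:16
    ports:
      - "5433:5432"
EOF
# Constructed production compose: private network, no host-port mapping.
cat >"$WORKDIR/docker-compose.prod.yml" <<'EOF'
services:
  postgres:
    image: postgres:16
    networks: [internal]
EOF
# Constructed probe in the shape the review accepts: strict mode, env-driven URL (assumed name/path).
cat >"$WORKDIR/probe.sh" <<'EOF'
#!/usr/bin/env bash
set -o errexit -o pipefail -o nounset
curl --insecure -fsS "${API_BASE_URL:?set API_BASE_URL}/inventory"
EOF
# Constructed counter-example: no strict mode and a literal token.
cat >"$WORKDIR/bad_probe.sh" <<'EOF'
API_TOKEN="constructed-sample-token"
curl -H "Authorization: Bearer $API_TOKEN" "http://localhost:8080/api"
EOF

# Print each "host:container" pair a compose file publishes (empty when none).
host_port_mappings() { grep -oE '"[0-9]+:[0-9]+"' "$1" | tr -d '"' || true; }

# Succeed only when the compose file publishes no host ports at all.
publishes_no_host_ports() { [ -z "$(host_port_mappings "$1")" ]; }

# Succeed only when all three fail-fast options the review requires are set.
has_strict_mode() {
  grep -q 'errexit' "$1" && grep -q 'pipefail' "$1" && grep -q 'nounset' "$1"
}

# Succeed when a literal credential assignment is present (i.e. a finding).
has_embedded_credentials() {
  grep -qiE "(password|token|secret|api_key)[[:space:]]*=[[:space:]]*['\"][^'\"]+['\"]" "$1"
}
```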

Container & Image Security — Carried Forward Unchanged

| Check | Status (carried from cycle 5/6) | Cycle-7 impact |
| --- | --- | --- |
| Non-root container user (Dockerfile USER directive) | Already in effect | None |
| Minimal base image (alpine/distroless/etc.) | The API image uses the .NET 10 SDK base — same as cycle 5; image hardening is owned by a separate, still-unscheduled follow-up task. | None |
| No secrets in build args | Verified cycle 5; no Dockerfile change in cycle 7 | None |
| Health checks | Compose healthcheck block on Postgres unchanged | None |

CI/CD Security — Carried Forward Unchanged

| Check | Status | Cycle-7 impact |
| --- | --- | --- |
| Secrets management (env vars / vault, not pipeline literals) | Existing pattern preserved | None |
| No credentials in pipeline definitions | .woodpecker.yml untouched in cycle 7 | None |
| Artifact signing | Existing posture (none — owned by a separate operational improvement track) | None |
| Dependency-audit step in pipeline | Existing posture (manual audit per dependency_scan_cycle*.md; no automated dotnet list package --vulnerable in CI due to the build-hang issue noted in AGENTS.md) | None |

Environment & Secrets

  • .env.example — not modified in cycle 7. The cycle-7 code reads no new env vars (FluentValidation has no config knobs; GlobalValidatorConfig is pure code).
  • appsettings.Development.json — minor edit during cycle 7 (the connection-string port change, mirroring the compose-file edit). No new secret material.
  • appsettings.json — production template; unchanged in cycle 7.

Verdict (Phase 4)

PASS — zero new infrastructure-layer findings.

The single docker-compose host-port edit is a local-developer-convenience change with no exposure implication. The new probe shell script is dev/test only, env-driven, and contains no embedded secrets.