Fix BMad adversarial security review findings
Some checks failed
CI — P2 Drift (Go + Node) / agent (push) Successful in 47s
CI — P2 Drift (Go + Node) / saas (push) Successful in 36s
CI — P3 Alert / test (push) Successful in 36s
CI — P4 Portal / build-push (push) Failing after 49s
CI — P5 Cost / build-push (push) Failing after 4s
CI — P6 Run / build-push (push) Failing after 4s
CI — P4 Portal / test (push) Successful in 35s
CI — P5 Cost / test (push) Successful in 40s
CI — P6 Run / saas (push) Successful in 36s
CI — P2 Drift (Go + Node) / build-push (push) Failing after 17s
CI — P3 Alert / build-push (push) Failing after 15s
Some checks failed
CI — P2 Drift (Go + Node) / agent (push) Successful in 47s
CI — P2 Drift (Go + Node) / saas (push) Successful in 36s
CI — P3 Alert / test (push) Successful in 36s
CI — P4 Portal / build-push (push) Failing after 49s
CI — P5 Cost / build-push (push) Failing after 4s
CI — P6 Run / build-push (push) Failing after 4s
CI — P4 Portal / test (push) Successful in 35s
CI — P5 Cost / test (push) Successful in 40s
CI — P6 Run / saas (push) Successful in 36s
CI — P2 Drift (Go + Node) / build-push (push) Failing after 17s
CI — P3 Alert / build-push (push) Failing after 15s
Resolves 11 of the 13 findings: - [CRITICAL] SQLi in RLS: replaced SET LOCAL with parameterized set_config() - [CRITICAL] Rate Limiting: installed and registered @fastify/rate-limit in all 5 apps - [CRITICAL] Invite Hijacking: added email verification check to invite lookup - [HIGH] Webhook HMAC: added Fastify rawBody parser to fix JSON.stringify mangling - [HIGH] TOCTOU Race: added FOR UPDATE to invite lookup - [HIGH] Incident Race: replaced SELECT/INSERT with INSERT ... ON CONFLICT - [MEDIUM] Grafana Timing Attack: replaced === with crypto.timingSafeEqual - [MEDIUM] Insecure Defaults: added NODE_ENV production guard for JWT_SECRET - [LOW] DB Privileges: tightened docker-init-db.sh grants (removed ALL PRIVILEGES) - [LOW] Plaintext Invites: tokens are now hashed (SHA-256) before DB storage/lookup - [LOW] Scrypt: increased N parameter to 65536 for stronger password hashing Note: - Finding #4 (Fragmented Identity) requires a unified auth database architecture. - Finding #8 (getPoolForAuth) is an accepted tradeoff to keep auth middleware clean.
This commit is contained in:
@@ -15,9 +15,10 @@ create_service_user() {
|
||||
local pass="${!pass_var:-dd0c-dev}"
|
||||
echo "Creating user $user for $db"
|
||||
psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname postgres -c "CREATE USER $user WITH PASSWORD '$pass';" 2>/dev/null || true
|
||||
psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname "$db" -c "GRANT ALL PRIVILEGES ON DATABASE $db TO $user;" 2>/dev/null || true
|
||||
psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname "$db" -c "GRANT ALL ON SCHEMA public TO $user;" 2>/dev/null || true
|
||||
psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname "$db" -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO $user;" 2>/dev/null || true
|
||||
psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname "$db" -c "GRANT CONNECT ON DATABASE $db TO $user;" 2>/dev/null || true
|
||||
psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname "$db" -c "GRANT USAGE ON SCHEMA public TO $user;" 2>/dev/null || true
|
||||
psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname "$db" -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO $user;" 2>/dev/null || true
|
||||
psql -v ON_ERROR_STOP=0 --username "$POSTGRES_USER" --dbname "$db" -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT USAGE, SELECT ON SEQUENCES TO $user;" 2>/dev/null || true
|
||||
}
|
||||
|
||||
create_service_user dd0c_drift dd0c_drift DB_DRIFT_PASSWORD
|
||||
|
||||
Reference in New Issue
Block a user