fix: resolve 20 security vulnerabilities from comprehensive audit

Critical (1-3): - Replace hardcoded admin credentials with secure auto-generation (seed.py) - Enforce SECRET_KEY configuration, fail in production if missing (config.py) - Add Zip Slip and Zip Bomb protection to all ZIP import services High/Medium (4-9): - Add 50MB file size limit and extension whitelist to evidence uploads - Configure CORS origins via environment variable instead of hardcoded - Migrate JWT storage from localStorage to HttpOnly cookies (frontend+backend) - Add rate limiting (5/min) on login endpoint via slowapi - Replace generic dict payloads with Pydantic schemas (mass assignment) Medium (10-17): - Check is_active on login to prevent disabled users from authenticating - Sanitize exception messages in API responses (system, data_sources) - Escape LIKE wildcards in all ilike search filters across 8 routers - Run Docker container as non-root user (appuser) - Make MINIO_SECURE configurable via environment variable - Add password complexity policy (12+ chars, upper/lower/digit/special) - Implement JWT token revocation via in-memory blacklist + reduce TTL to 15min - Replace xml.etree with defusedxml to prevent Billion Laughs attacks Low (18-20): - Add security headers to Nginx (CSP, X-Frame-Options, HSTS-ready, etc.) - Disable Swagger UI/ReDoc/OpenAPI in production - Restrict /health endpoint to internal networks via Nginx ACL Also: rewrite install.sh as interactive wizard for guided deployment, fix test-from-template validation error (technique_id UUID vs MITRE ID)
2026-02-11 08:56:26 +01:00
parent e7e63161e8
commit 64d64080e0
36 changed files with 1154 additions and 311 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,11 +1,9 @@
 # =============================================================================
-# Aegis - MITRE ATT&CK Coverage Platform
+# Aegis - MITRE ATT&CK Coverage Platform (Development)
 # =============================================================================
 # 
 # Quick Start:
 #   docker-compose up -d
-#   docker-compose exec backend alembic upgrade head
-#   docker-compose exec backend python -m app.seed
 #
 # Access:
 #   - Frontend:      http://localhost:5173
@@ -13,7 +11,8 @@
 #   - Swagger UI:    http://localhost:8000/docs
 #   - MinIO Console: http://localhost:9001 (minioadmin/minioadmin)
 #
-# Default credentials: admin / admin123
+# Admin credentials are auto-generated on first start — check the
+# backend container logs:  docker-compose logs backend | grep -A5 "Admin"
 # =============================================================================

 services:
@@ -67,8 +66,9 @@ services:
    environment:
      # Database
      DATABASE_URL: postgresql://postgres:postgres@postgres:5432/attackdb
-      # Security (change in production!)
-      SECRET_KEY: change-me-in-production-use-a-long-random-string
+      # Security — SECRET_KEY is left unset so an ephemeral key is
+      # auto-generated for local development (see backend logs for warning).
+      # Set it explicitly if you need persistent sessions across restarts.
      ALGORITHM: HS256
      ACCESS_TOKEN_EXPIRE_MINUTES: 60
      # MinIO