security: fix 6 vulnerabilities identified in SDLC audit
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
Some checks failed
Aegis CI / lint-and-test (push) Has been cancelled
- fix(auth): enforce API key scopes in require_role/require_any_role; attach _api_key_scopes to user on API key auth; add require_scope() dependency — scopes were stored but never enforced (CWE-285) - fix(sso): read SECURE_COOKIES env var for SSO cookie instead of hardcoded secure=False — SAML sessions now respect HTTPS config (CWE-614) - fix(webhooks): SSRF prevention — validate webhook URLs against private and reserved CIDRs at creation/update time (CWE-918) - fix(knowledge): restrict playbook/lesson create, update and restore to admin/red_lead/blue_lead roles — was open to any authenticated user (CWE-284) - fix(alerts): restrict alert acknowledge/resolve/dismiss to admin/lead roles — any user could silence security alerts (CWE-284) - security: delete get_admin_creds.py, check_auth.py, deploy.py scripts containing hardcoded root SSH credentials and production DB access; add scripts/.gitignore to prevent reintroduction (CWE-798)
This commit is contained in:
kitos
10
scripts/.gitignore
vendored
Normal file
10
scripts/.gitignore
vendored
Normal file
@@ -0,0 +1,10 @@
|
||||
# ─── Never commit scripts that contain server credentials ───────────────────
|
||||
# These files connect directly to production infrastructure and must never
|
||||
# enter version control. They are excluded here as a defence-in-depth measure.
|
||||
deploy.py
|
||||
check_auth.py
|
||||
get_admin_creds.py
|
||||
|
||||
# Also ignore any ad-hoc debug / one-off scripts
|
||||
debug_*.py
|
||||
reset_*.py
|
||||
Reference in New Issue
Block a user