diff --git a/.jules/sentinel.md b/.jules/sentinel.md index 9c0efd7..fe8b178 100644 --- a/.jules/sentinel.md +++ b/.jules/sentinel.md @@ -22,3 +22,8 @@ **Vulnerability:** In `server/prod-server.ts`, the application used `decodeURIComponent(pathname)` directly on user-provided pathnames without a `try...catch` block. If an attacker provided a malformed URI component (like `/%FF`), it would throw an unhandled `URIError`, potentially crashing the process or causing Denial of Service when serving static files. **Learning:** Functions that parse or decode user-controlled strings (like `decodeURIComponent`, `JSON.parse`) can throw exceptions on malformed input. When these are used in top-level request handlers without proper error boundaries, they become vectors for DoS. **Prevention:** Always wrap parsing or decoding functions that operate on user input in `try...catch` blocks. In request handlers, catch these exceptions and return a safe HTTP status like `400 Bad Request`. + +## 2025-03-09 - Unbounded Network Request (Denial of Service) +**Vulnerability:** External network requests made via `fetch` lacked a timeout, allowing them to hang indefinitely if the remote server was slow or unresponsive. This could exhaust application resources (e.g., memory, sockets, thread pool limits) over time, leading to a Denial of Service (DoS). +**Learning:** Unbounded network requests tie up valuable system resources while waiting for a response that may never arrive. +**Prevention:** When implementing external API requests using `fetch` or similar HTTP clients, always enforce a timeout (e.g., using `AbortSignal.timeout(5000)`) to prevent unbounded waiting and application unresponsiveness. diff --git a/server/services/npm-registry.ts b/server/services/npm-registry.ts index 7438e03..1574745 100644 --- a/server/services/npm-registry.ts +++ b/server/services/npm-registry.ts @@ -89,7 +89,8 @@ async function fetchNpmRegistryPackage(packageName: string): Promise