Security: pre-launch hardening (Critical/High findings) #3
Merged
Conversation
ScanStation (server.py): loopback-only Host guard + path-segment sanitisation (blocks the DNS-rebinding and path-traversal -> portal.db/.env theft chain); generic error messages. Portal (portal_new/app.py): refuse to boot on a weak/placeholder PORTAL_SECRET_KEY; per-account login lockout + stop trusting X-Forwarded-For (brute-force defence); security headers (CSP, X-Frame-Options, nosniff, Referrer-Policy, HSTS on HTTPS); fail-closed tenant scoping; generic error responses; debug-in-prod guard. Deps/CI: pypdf 6.10.2 + pytest 9.0.3 (CVE fixes), pip-audit + pytest GitHub Action, wsgi.py for gunicorn. New tests: test_scanstation_security.py, test_portal_security.py. All 76 tests pass; re-running the exploit suite confirms the Critical/High chain is closed. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Implements the fixes from the pre-launch security assessment. All changes are server-side; no scan-station UI changes.
What's fixed
ScanStation API (server.py)
- Host guard → blocks DNS-rebinding / off-host access.
- Path-segment sanitisation → blocks traversal to portal.db (password hashes) and .env (secret key). This breaks the "steal secret → forge admin session" chain.
- Generic error messages.

Portal (portal_new/app.py)
- Refuse to boot on a weak/placeholder PORTAL_SECRET_KEY.
- Per-account login lockout; stop trusting X-Forwarded-For → brute force can no longer be bypassed by rotating IPs.
- Security headers: CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, HSTS (HTTPS).
- wsgi.py for gunicorn.

Deps/CI
- pypdf 6.10.2 + pytest 9.0.3 (CVE fixes). New GitHub Action runs pip-audit + pytest.

Verification
- New tests (test_scanstation_security.py / test_portal_security.py).
- Exploit suite re-run: portal.db / .env theft, the admin-session forgery, and the brute-force bypass are all now blocked. IDOR / CSRF / chat-auth controls still hold.
- pip-audit: clean.

Notes
- Targets codex/unified-scan-intake (the branch this builds on) for a clean diff; retarget to main if preferred.
- PORTAL_SECRET_KEY rotation + TLS/HSTS termination are deployment-side.

🤖 Generated with Claude Code
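The controls the PR lists (loopback-only Host guard, path-segment sanitisation, refusing a placeholder PORTAL_SECRET_KEY, per-account lockout that ignores X-Forwarded-For, and the header set) are shown below as plain Python functions so they can be unit-tested without a Flask app. This is an added example, not code from the PR or from server.py / portal_new/app.py; the function names, the placeholder-secret list, the lockout thresholds, the scan directory and the header values are assumptions chosen for illustration.

```python
"""Added example (not the project's code): testable versions of the checks
described in the PR. Names, thresholds and sample paths are assumptions."""
import ipaddress
import posixpath
import re
import time
from dataclasses import dataclass, field
from typing import Dict, List, Optional


# ScanStation: loopback-only Host guard.  Under DNS rebinding the browser sends
# the attacker's hostname in Host: while the socket lands on 127.0.0.1, so the
# TCP peer address alone proves nothing; only loopback names are accepted.
def host_is_loopback(host_header: Optional[str]) -> bool:
    host = (host_header or "").strip().lower()
    if host.startswith("["):                        # "[::1]:8000"
        host = host[1:host.find("]")] if "]" in host else ""
    elif host.count(":") == 1:                      # "127.0.0.1:8000"
        host = host.rsplit(":", 1)[0]
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                              # any real hostname
        return False


# ScanStation: path-segment sanitisation.  Every URL segment must be a plain
# filename whose first character is alphanumeric, so "", ".", "..", ".env",
# "/" and percent-encoded traversal all fail, and the normalised result must
# still sit beneath the scan directory.
_SEGMENT_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,127}")


def safe_scan_path(base_dir: str, *segments: str) -> Optional[str]:
    if not segments or any(_SEGMENT_RE.fullmatch(s) is None for s in segments):
        return None
    base = posixpath.normpath(base_dir)
    joined = posixpath.normpath(posixpath.join(base, *segments))
    return joined if joined.startswith(base + "/") else None


# Portal: refuse to boot on a missing, placeholder or low-entropy signing key
# (assumed placeholder list; a guessable key lets anyone forge a session).
_PLACEHOLDER_SECRETS = {"", "changeme", "change-me", "secret", "dev", "replace-me"}


def check_secret_key(value: Optional[str], min_len: int = 32) -> str:
    key = (value or "").strip()
    if key.lower() in _PLACEHOLDER_SECRETS or len(key) < min_len or len(set(key)) < 8:
        raise RuntimeError("PORTAL_SECRET_KEY is unset, a placeholder, or too weak")
    return key


# Portal: per-account login lockout.  Counting per account (never per client
# IP, so X-Forwarded-For is never consulted) means rotating proxies does not
# reset the counter; a successful login clears it.  `now` is injectable for tests.
@dataclass
class LoginLimiter:
    max_failures: int = 5
    lockout_seconds: int = 900
    _state: Dict[str, List[float]] = field(default_factory=dict)  # account -> [failures, locked_until]

    @staticmethod
    def _key(account: str) -> str:
        return account.strip().lower()

    def is_locked(self, account: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        return self._state.get(self._key(account), [0, 0.0])[1] > now

    def record_failure(self, account: str, now: Optional[float] = None) -> bool:
        """Record a bad password; return True if the account is now locked."""
        now = time.time() if now is None else now
        entry = self._state.setdefault(self._key(account), [0, 0.0])
        if entry[1] and entry[1] <= now:            # earlier lockout expired
            entry[0], entry[1] = 0, 0.0
        entry[0] += 1
        if entry[0] >= self.max_failures:
            entry[1] = now + self.lockout_seconds
        return entry[1] > now

    def record_success(self, account: str) -> None:
        self._state.pop(self._key(account), None)


# Portal: response headers; HSTS only when the request actually arrived over
# HTTPS (browsers ignore it on plain HTTP, and it would break local testing).
def security_headers(is_https: bool) -> Dict[str, str]:
    headers = {
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
        "X-Frame-Options": "DENY",
        "X-Content-Type-Options": "nosniff",
        "Referrer-Policy": "strict-origin-when-cross-origin",
    }
    if is_https:
        headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains"
    return headers
```

Wiring this into Flask is a `before_request` hook that returns a generic 403 when `host_is_loopback(request.headers.get("Host"))` is false, an `after_request` hook that merges `security_headers(request.is_secure)`, and a `check_secret_key(os.environ.get("PORTAL_SECRET_KEY"))` call at module import so the process refuses to start rather than serving with a weak key.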