egg/DashBoard
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
e5d7700b36b34da8c424f832c82e3f3a2e3367de
DashBoard/openspec/changes/archive/2026-02-23-released-pages-production-hardening/tasks.md

35 lines
2.7 KiB
Markdown
Raw Blame History

## 1. Config and Core Safety Baseline
- [x] 1.1 Add centralized hardening config keys (`TRUST_PROXY_HEADERS`, trusted proxy source config, JSON/body/input limits) with production-safe defaults.
- [x] 1.2 Change page registry fallback behavior so `api_public` defaults to false when config is missing/invalid.
- [x] 1.3 Implement secret redaction utility for connection-string logging and apply it to Redis URL logs.
- [x] 1.4 Enforce startup validation for required production security variables (including `SECRET_KEY`) with actionable diagnostics.
- [x] 1.5 Update environment documentation (`.env.example`/README/deploy docs) to match new hardening settings.
## 2. Released API Input Validation and Budget Guards
- [x] 2.1 Introduce a shared JSON request parsing/validation helper and adopt it in released JSON-only endpoints (`query-tool`, `job-query`, `resource` related routes).
- [x] 2.2 Ensure invalid/malformed/non-JSON payloads return deterministic 400/415 and do not fall through to generic 500 handlers.
- [x] 2.3 Add configurable hard caps for query-tool batch inputs (including `container_ids`) and reject overflow requests before service execution.
- [x] 2.4 Add configurable `limit` bounds for `/api/resource/detail` and normalize/reject invalid pagination limits consistently.
- [x] 2.5 Fix released route numeric query parsing edge cases to avoid `TypeError`/500 regressions.
## 3. Rate-Limit Trust Boundary Hardening
- [x] 3.1 Refactor rate-limit client identity resolution to ignore `X-Forwarded-For` by default and use `remote_addr` in direct-exposure deployments.
- [x] 3.2 Add trusted-proxy mode behavior so forwarded IP is used only when explicit trust configuration is enabled.
- [x] 3.3 Add tests for spoofed header attempts, direct mode behavior, and trusted-proxy behavior.
## 4. Frontend Injection-Surface Reduction
- [x] 4.1 Refactor `job-query` action rendering to remove raw inline `onclick` interpolation and use safe event binding/data attributes.
- [x] 4.2 Review and tighten applicable CSP/script-safety configuration for released routes without breaking current module/fallback loading.
- [x] 4.3 Add frontend/template tests to lock down safe rendering behavior for quoted/special-character data.
## 5. Regression Gates and Verification
- [x] 5.1 Add negative-path tests for invalid JSON, oversized batch input, bounded `limit`, and no-service-call-on-reject behavior.
- [x] 5.2 Add config hardening tests for `api_public` fail-safe fallback, production env validation, and Redis URL redaction.
- [x] 5.3 Run released-route focused pytest suite and update/repair affected contract tests to reflect explicit new 4xx/429 boundaries only.
- [x] 5.4 Ensure CI requires the new hardening test set to pass before merge.
Reference in New Issue View Git Blame Copy Permalink