GeneralBots/botserver
2
1
Fork 0
Code Issues Pull requests Projects Releases 323 Packages Wiki Activity Actions
botserver/SECURITY_TASKS.md

5.6 KiB
Raw Blame History

Security Audit Tasks - botserver

Priority: CRITICAL Auditor Focus: Rust Security Best Practices

🔴 CRITICAL - Fix Immediately

1. Remove All .unwrap() Calls (403 occurrences)

grep -rn "unwrap()" src --include="*.rs" | wc -l
# Result: 403

Action: Replace every .unwrap() with:

  • ? operator for propagating errors
  • .unwrap_or_default() for safe defaults
  • .ok_or_else(|| Error::...)? for custom errors

Files with highest count:

grep -rn "unwrap()" src --include="*.rs" -c | sort -t: -k2 -rn | head -20

2. Remove All .expect() Calls (76 occurrences)

grep -rn "\.expect(" src --include="*.rs" | wc -l
# Result: 76

Action: Same as unwrap - use ? or proper error handling.

3. SQL Injection Vectors - Dynamic Query Building

Location: Multiple files build SQL with format!

src/basic/keywords/db_api.rs:168 - format!("SELECT COUNT(*) as count FROM {}", table_name)
src/basic/keywords/db_api.rs:603 - format!("DELETE FROM {} WHERE id = $1", table_name)
src/basic/keywords/db_api.rs:665 - format!("SELECT COUNT(*) as count FROM {}", table_name)

Action:

  • Validate table_name against whitelist of allowed tables
  • Use parameterized queries exclusively
  • Add schema validation before query execution

4. Command Injection Risk - External Process Execution

Locations:

src/security/antivirus.rs - Command::new("powershell")
src/core/kb/document_processor.rs - Command::new("pdftotext"), Command::new("pandoc")
src/core/bot/manager.rs - Command::new("mc")
src/nvidia/mod.rs - Command::new("nvidia-smi")

Action:

  • Never pass user input to command arguments
  • Use absolute paths for executables
  • Validate/sanitize all inputs before shell execution
  • Consider sandboxing or containerization

🟠 HIGH - Fix This Sprint

5. Secrets in Memory

Concern: API keys, passwords, tokens may persist in memory

Action:

  • Use secrecy crate for sensitive data (SecretString, SecretVec)
  • Implement Zeroize trait for structs holding secrets
  • Clear secrets from memory after use

6. Missing Input Validation on API Endpoints

Action: Add validation for all handler inputs:

  • Length limits on strings
  • Range checks on numbers
  • Format validation (emails, URLs, UUIDs)
  • Use validator crate with derive macros

7. Rate Limiting Missing

Action:

  • Add rate limiting middleware to all public endpoints
  • Implement per-IP and per-user limits
  • Use tower-governor or similar

8. Missing Authentication Checks

Action: Audit all handlers for:

  • Session validation
  • Permission checks (RBAC)
  • Bot ownership verification

9. CORS Configuration Review

Action:

  • Restrict allowed origins (no wildcard * in production)
  • Validate Origin header
  • Set appropriate headers

10. File Path Traversal

Locations: File serving, upload handlers

Action:

  • Canonicalize paths before use
  • Validate paths are within allowed directories
  • Use sanitize_path_component consistently

🟡 MEDIUM - Fix Next Sprint

11. Logging Sensitive Data

Action:

  • Audit all log::* calls for sensitive data
  • Never log passwords, tokens, API keys
  • Redact PII in logs

12. Error Message Information Disclosure

Action:

  • Return generic errors to clients
  • Log detailed errors server-side only
  • Never expose stack traces to users

13. Cryptographic Review

Action:

  • Verify TLS 1.3 minimum
  • Check certificate validation
  • Review encryption algorithms used
  • Ensure secure random number generation (rand::rngs::OsRng)

14. Dependency Audit

cargo audit
cargo deny check

Action:

  • Fix all reported vulnerabilities
  • Remove unused dependencies
  • Pin versions in Cargo.lock

15. TODO/FIXME Comments (Security-Related)

src/auto_task/autotask_api.rs:1829 - TODO: Fetch from database
src/auto_task/autotask_api.rs:1849 - TODO: Implement recommendation

Action: Complete or remove all TODO comments.

🟢 LOW - Backlog

16. Add Security Headers

  • X-Content-Type-Options: nosniff
  • X-Frame-Options: DENY
  • Content-Security-Policy
  • Strict-Transport-Security

17. Implement Request ID Tracking

  • Add unique ID to each request
  • Include in logs for tracing

18. Database Connection Pool Hardening

  • Set max connections
  • Implement connection timeouts
  • Add health checks

19. Add Panic Handler

  • Catch panics at boundaries
  • Log and return 500, don't crash

20. Memory Limits

  • Set max request body size
  • Limit file upload sizes
  • Implement streaming for large files

Verification Commands

# Check for unwrap
grep -rn "unwrap()" src --include="*.rs" | wc -l

# Check for expect
grep -rn "\.expect(" src --include="*.rs" | wc -l

# Check for panic
grep -rn "panic!" src --include="*.rs" | wc -l

# Check for unsafe
grep -rn "unsafe" src --include="*.rs"

# Check for SQL injection vectors
grep -rn "format!.*SELECT\|format!.*INSERT\|format!.*UPDATE\|format!.*DELETE" src --include="*.rs"

# Check for command execution
grep -rn "Command::new\|std::process::Command" src --include="*.rs"

# Run security audit
cargo audit

# Check dependencies
cargo deny check

Acceptance Criteria

  • 0 .unwrap() calls in production code (tests excluded)
  • 0 .expect() calls in production code
  • 0 panic! macros
  • 0 unsafe blocks (or documented justification)
  • All SQL uses parameterized queries
  • All external commands validated
  • cargo audit shows 0 vulnerabilities
  • Rate limiting on all public endpoints
  • Input validation on all handlers
  • Secrets use secrecy crate