gb/SECURITY_CHECKLIST.md

# General Bots Security Checklist

## Critical (P1) - Must Fix Immediately

### Authentication & Authorization
- [ ] **SecurityManager Integration** - Initialize in bootstrap
- [ ] **CSRF Protection** - Enable for all state-changing endpoints
- [ ] **Error Handling** - Replace all `unwrap()`/`expect()` calls
- [ ] **Security Headers** - Apply to all HTTP routes

### Data Protection
- [ ] **TLS/MTLS** - Ensure certificates are generated and validated
- [ ] **SafeCommand Usage** - Replace all `Command::new()` calls
- [ ] **Error Sanitization** - Use `ErrorSanitizer` for all HTTP errors

## High Priority (P2) - Fix Within 2 Weeks

### Authentication
- [ ] **Passkey Support** - Complete WebAuthn implementation
- [ ] **MFA Enhancement** - Add backup codes and recovery flows
- [ ] **API Key Management** - Implement rotation and expiration

### Monitoring & Detection
- [ ] **Security Monitoring** - Integrate `SecurityMonitor` with app events
- [ ] **DLP Policies** - Configure default policies for PII/PCI/PHI
- [ ] **Rate Limiting** - Apply consistent limits across all endpoints

## Medium Priority (P3) - Fix Within 1 Month

### Infrastructure
- [ ] **Certificate Management** - Add expiration monitoring and auto-renewal
- [ ] **Audit Logging** - Ensure comprehensive coverage
- [ ] **Security Testing** - Create dedicated test suite

### Compliance
- [ ] **Security Documentation** - Update policies and procedures
- [ ] **Compliance Mapping** - Map controls to SOC2/GDPR/ISO27001
- [ ] **Evidence Collection** - Implement automated evidence gathering

## Quick Wins (Can be done today)

### Code Quality
- [ ] Run `cargo clippy --workspace` and fix all warnings
- [ ] Use `cargo audit` to check for vulnerable dependencies
- [ ] Replace 10 `unwrap()` calls with proper error handling

### Configuration
- [ ] Check `.env` files for hardcoded secrets (move to `/tmp/`)
- [ ] Verify `botserver-stack/conf/` permissions
- [ ] Review `Cargo.toml` for unnecessary dependencies

### Testing
- [ ] Test authentication flows with invalid credentials
- [ ] Verify CSRF tokens are required for POST/PUT/DELETE
- [ ] Check security headers on main endpoints

## Daily Security Tasks

### Morning Check
- [ ] Review `botserver.log` for security events
- [ ] Check `cargo audit` for new vulnerabilities
- [ ] Monitor failed login attempts
- [ ] Verify certificate expiration dates

### Ongoing Monitoring
- [ ] Watch for unusual access patterns
- [ ] Monitor DLP policy violations
- [ ] Track security metric trends
- [ ] Review audit logs for anomalies

### Weekly Tasks
- [ ] Run full security scan with protection tools
- [ ] Review and rotate any expiring credentials
- [ ] Update security dependencies
- [ ] Backup security configurations

## Emergency Response

### If you suspect a breach:
1. **Isolate** - Disconnect affected systems
2. **Preserve** - Don't delete logs or evidence
3. **Document** - Record all actions and observations
4. **Escalate** - Contact security team immediately
5. **Contain** - Implement temporary security measures
6. **Investigate** - Determine scope and impact
7. **Remediate** - Fix vulnerabilities and restore services
8. **Learn** - Update procedures to prevent recurrence

## Security Tools Commands

### Dependency Scanning
```bash
cargo audit
cargo deny check
cargo geiger
```

### Code Analysis
```bash
cargo clippy --workspace -- -D warnings
cargo fmt --check
```

### Security Testing
```bash
# Run security tests
cargo test -p bottest --test security

# Check for unsafe code
cargo geiger --forbid

# Audit dependencies
cargo audit --deny warnings
```

### Protection Tools
```bash
# Security scanning
curl -X POST http://localhost:9000/api/security/protection/scan

# Get security report
curl http://localhost:9000/api/security/protection/report

# Check tool status
curl http://localhost:9000/api/security/protection/status
```

## Common Security Issues to Watch For

### 1. Hardcoded Secrets
**Bad:** `password = "secret123"` in code
**Good:** `password = env::var("DB_PASSWORD")?` from `/tmp/`

### 2. Unsafe Command Execution
**Bad:** `Command::new("rm").arg("-rf").arg(user_input)`
**Good:** `SafeCommand::new("rm")?.arg("-rf")?.arg(sanitized_input)?`

### 3. Missing Input Validation
**Bad:** `format!("SELECT * FROM {}", user_table)`
**Good:** `validate_table_name(&user_table)?; format!("SELECT * FROM {}", safe_table)`

### 4. Information Disclosure
**Bad:** `Json(json!({ "error": e.to_string() }))`
**Good:** `let sanitized = log_and_sanitize(&e, "context", None); (StatusCode::INTERNAL_SERVER_ERROR, sanitized)`

## Security Contact Information

**Primary Contact:** security@pragmatismo.com.br  
**Backup Contact:** Check `security.txt` at `/.well-known/security.txt`

**Emergency Response:** Follow procedures in `botbook/src/12-auth/security-policy.md`

---
*Last Updated: 2026-02-22*  
*Review Frequency: Weekly*  
*Next Review: 2026-03-01*
feat(ui): migrate desktop environment to Window Manager - Updated UI.md with the completed specification and status - Synced botui submodule with new desktop.html and window-manager.js implementation - Synced botserver submodule with latest changes 2026-02-24 19:02:48 -03:00			`# General Bots Security Checklist`

			`## Critical (P1) - Must Fix Immediately`

			`### Authentication & Authorization`
			`- [ ] SecurityManager Integration - Initialize in bootstrap`
			`- [ ] CSRF Protection - Enable for all state-changing endpoints`
			- [ ] Error Handling - Replace all `unwrap()`/`expect()` calls
			`- [ ] Security Headers - Apply to all HTTP routes`

			`### Data Protection`
			`- [ ] TLS/MTLS - Ensure certificates are generated and validated`
			- [ ] SafeCommand Usage - Replace all `Command::new()` calls
			- [ ] Error Sanitization - Use `ErrorSanitizer` for all HTTP errors

			`## High Priority (P2) - Fix Within 2 Weeks`

			`### Authentication`
			`- [ ] Passkey Support - Complete WebAuthn implementation`
			`- [ ] MFA Enhancement - Add backup codes and recovery flows`
			`- [ ] API Key Management - Implement rotation and expiration`

			`### Monitoring & Detection`
			- [ ] Security Monitoring - Integrate `SecurityMonitor` with app events
			`- [ ] DLP Policies - Configure default policies for PII/PCI/PHI`
			`- [ ] Rate Limiting - Apply consistent limits across all endpoints`

			`## Medium Priority (P3) - Fix Within 1 Month`

			`### Infrastructure`
			`- [ ] Certificate Management - Add expiration monitoring and auto-renewal`
			`- [ ] Audit Logging - Ensure comprehensive coverage`
			`- [ ] Security Testing - Create dedicated test suite`

			`### Compliance`
			`- [ ] Security Documentation - Update policies and procedures`
			`- [ ] Compliance Mapping - Map controls to SOC2/GDPR/ISO27001`
			`- [ ] Evidence Collection - Implement automated evidence gathering`

			`## Quick Wins (Can be done today)`

			`### Code Quality`
			- [ ] Run `cargo clippy --workspace` and fix all warnings
			- [ ] Use `cargo audit` to check for vulnerable dependencies
			- [ ] Replace 10 `unwrap()` calls with proper error handling

			`### Configuration`
			- [ ] Check `.env` files for hardcoded secrets (move to `/tmp/`)
			- [ ] Verify `botserver-stack/conf/` permissions
			- [ ] Review `Cargo.toml` for unnecessary dependencies

			`### Testing`
			`- [ ] Test authentication flows with invalid credentials`
			`- [ ] Verify CSRF tokens are required for POST/PUT/DELETE`
			`- [ ] Check security headers on main endpoints`

			`## Daily Security Tasks`

			`### Morning Check`
			- [ ] Review `botserver.log` for security events
			- [ ] Check `cargo audit` for new vulnerabilities
			`- [ ] Monitor failed login attempts`
			`- [ ] Verify certificate expiration dates`

			`### Ongoing Monitoring`
			`- [ ] Watch for unusual access patterns`
			`- [ ] Monitor DLP policy violations`
			`- [ ] Track security metric trends`
			`- [ ] Review audit logs for anomalies`

			`### Weekly Tasks`
			`- [ ] Run full security scan with protection tools`
			`- [ ] Review and rotate any expiring credentials`
			`- [ ] Update security dependencies`
			`- [ ] Backup security configurations`

			`## Emergency Response`

			`### If you suspect a breach:`
			`1. Isolate - Disconnect affected systems`
			`2. Preserve - Don't delete logs or evidence`
			`3. Document - Record all actions and observations`
			`4. Escalate - Contact security team immediately`
			`5. Contain - Implement temporary security measures`
			`6. Investigate - Determine scope and impact`
			`7. Remediate - Fix vulnerabilities and restore services`
			`8. Learn - Update procedures to prevent recurrence`

			`## Security Tools Commands`

			`### Dependency Scanning`
			```bash
			`cargo audit`
			`cargo deny check`
			`cargo geiger`
			```

			`### Code Analysis`
			```bash
			`cargo clippy --workspace -- -D warnings`
			`cargo fmt --check`
			```

			`### Security Testing`
			```bash
			`# Run security tests`
			`cargo test -p bottest --test security`

			`# Check for unsafe code`
			`cargo geiger --forbid`

			`# Audit dependencies`
			`cargo audit --deny warnings`
			```

			`### Protection Tools`
			```bash
			`# Security scanning`
			`curl -X POST http://localhost:9000/api/security/protection/scan`

			`# Get security report`
			`curl http://localhost:9000/api/security/protection/report`

			`# Check tool status`
			`curl http://localhost:9000/api/security/protection/status`
			```

			`## Common Security Issues to Watch For`

			`### 1. Hardcoded Secrets`
			Bad: `password = "secret123"` in code
			Good: `password = env::var("DB_PASSWORD")?` from `/tmp/`

			`### 2. Unsafe Command Execution`
			Bad: `Command::new("rm").arg("-rf").arg(user_input)`
			Good: `SafeCommand::new("rm")?.arg("-rf")?.arg(sanitized_input)?`

			`### 3. Missing Input Validation`
			Bad: `format!("SELECT * FROM {}", user_table)`
			Good: `validate_table_name(&user_table)?; format!("SELECT * FROM {}", safe_table)`

			`### 4. Information Disclosure`
			Bad: `Json(json!({ "error": e.to_string() }))`
			Good: `let sanitized = log_and_sanitize(&e, "context", None); (StatusCode::INTERNAL_SERVER_ERROR, sanitized)`

			`## Security Contact Information`

			`Primary Contact: security@pragmatismo.com.br`
			Backup Contact: Check `security.txt` at `/.well-known/security.txt`

			Emergency Response: Follow procedures in `botbook/src/12-auth/security-policy.md`

			`---`
			`Last Updated: 2026-02-22`
			`Review Frequency: Weekly`
			`Next Review: 2026-03-01`