gb/prompts/sec-minmax.md

Security Tasklist - MinMax Analysis

Overview

Comprehensive security tasklist based on automated analysis of all source code modules: botserver, botui, botlib, botdevice, botapp, bottest.


CRITICAL (P0) - Fix Immediately

1. Unsafe Command Execution

Files with direct Command::new (64 remaining):

  • botserver/src/core/bootstrap/bootstrap_utils.rs:39,53,76,99,112,126,133,161,176,211,231
  • botserver/src/core/package_manager/installer.rs:1154
  • botserver/src/botmodels/python_bridge.rs:198
  • botserver/src/auto_task/container_session.rs:27,52,117
  • botserver/src/llm/local.rs:434,530
  • botserver/src/monitoring/real_time.rs:595

Action: Replace ALL Command::new with SafeCommand::new

2. Panic Usage (4 instances)

  • botserver/src/core/bot/channels/whatsapp.rs:65 - panic!("WhatsApp queue initialization failed")
  • botserver/src/core/package_manager/installer.rs:28 - panic! for parsing error

Action: Replace with proper error handling using ? or Result

3. Unsafe Unwrap/Expect (647 instances)

Major hotspots:

  • botserver/src/whatsapp/mod.rs - 30+ unwrap() on JSON serialization
  • botserver/src/llm/mod.rs - Multiple unwrap() on serialization
  • botserver/src/security/jwt.rs - Multiple expect() on token operations

Action: Systematic replacement with ok_or_else(), match, or if let


HIGH PRIORITY (P1) - Fix Within 1 Week

4. SQL Query Construction (format! with SQL)

  • botserver/src/email/signatures.rs:306 - diesel::sql_query(format!(...))
  • botserver/src/contacts/contacts_api/service.rs:251 - format!("SELECT COUNT(*)...")
  • botserver/src/basic/keywords/db_api.rs:644 - format!("DELETE FROM {}...")
  • botserver/src/maintenance/mod.rs:458,479 - diesel::sql_query(format!(...))

Action: Use sql_guard consistently, validate all table/column names
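
An added example (not the project's code) of the validation this action calls for: the table name must pass a strict character rule and an allowlist before it is interpolated, and the row value stays a bind parameter. The name `validate_table_name` appears in the Batch 3 list, but its signature here, the allowlist contents and the 63-byte limit (PostgreSQL's identifier length, an assumed backend) are assumptions.

```rust
// Added example; signatures and the allowlist are assumptions, not sql_guard's API.
#[derive(Debug, PartialEq)]
pub enum IdentError {
    Empty,
    TooLong,
    BadChar(char),
    NotAllowed(String),
}

// Constructed allowlist: tables that dynamic statements are permitted to touch.
const ALLOWED_TABLES: &[&str] = &["contacts", "email_signatures"];
// PostgreSQL truncates identifiers beyond 63 bytes (assumed backend).
const MAX_IDENT_LEN: usize = 63;

/// Accept only [a-z_][a-z0-9_]* names that also appear in the allowlist.
pub fn validate_table_name(name: &str) -> Result<&str, IdentError> {
    if name.is_empty() {
        return Err(IdentError::Empty);
    }
    if name.len() > MAX_IDENT_LEN {
        return Err(IdentError::TooLong);
    }
    for (i, c) in name.chars().enumerate() {
        let ok = c == '_' || c.is_ascii_lowercase() || (i > 0 && c.is_ascii_digit());
        if !ok {
            return Err(IdentError::BadChar(c));
        }
    }
    if !ALLOWED_TABLES.contains(&name) {
        return Err(IdentError::NotAllowed(name.to_string()));
    }
    Ok(name)
}

/// Only the validated identifier is interpolated; the id is left as `$1`
/// so the driver binds it instead of it being formatted into the string.
pub fn build_delete(table: &str) -> Result<String, IdentError> {
    let table = validate_table_name(table)?;
    Ok(format!("DELETE FROM \"{}\" WHERE id = $1", table))
}

fn main() {
    for input in ["contacts", "users", "contacts; DROP TABLE users"] {
        match build_delete(input) {
            Ok(sql) => println!("{:?} -> {}", input, sql),
            Err(e) => println!("{:?} rejected: {:?}", input, e),
        }
    }
}
```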

5. CSP Configuration - unsafe-inline/unsafe-eval

  • botserver/src/security/headers.rs - Default CSP includes unsafe directives

Action: Implement nonce-based CSP, remove unsafe-inline/unsafe-eval

6. JWT Secret Management

  • botserver/src/security/jwt.rs - Default secret fallback if not configured
  • Multiple expect("Failed to generate") in token operations

Action: Enforce minimum secret length, fail startup if not configured
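
An added example (not the project's `jwt.rs`) of a startup check with no fallback: the secret is rejected if it is missing, a known placeholder, too short or visibly padded, and the caller aborts instead of defaulting. The `JWT_SECRET` variable name, the 32-byte floor and the placeholder list are assumptions.

```rust
use std::collections::HashSet;
use std::env;

// Assumptions for this added example: the variable name, the 32-byte floor
// (256 bits, matching an HS256 key) and the placeholder list are not from the project.
const SECRET_ENV: &str = "JWT_SECRET";
const MIN_SECRET_BYTES: usize = 32;
const KNOWN_PLACEHOLDERS: &[&str] = &["secret", "changeme", "default"];

#[derive(Debug, PartialEq)]
pub enum SecretError {
    Missing,
    Placeholder,
    TooShort { len: usize },
    LowVariety { distinct: usize },
}

/// Validate a candidate secret; there is deliberately no fallback value.
pub fn check_secret(raw: Option<&str>) -> Result<Vec<u8>, SecretError> {
    let s = raw.map(str::trim).filter(|s| !s.is_empty()).ok_or(SecretError::Missing)?;
    if KNOWN_PLACEHOLDERS.iter().any(|p| s.eq_ignore_ascii_case(p)) {
        return Err(SecretError::Placeholder);
    }
    if s.len() < MIN_SECRET_BYTES {
        return Err(SecretError::TooShort { len: s.len() });
    }
    // Cheap sanity check that catches padded values such as "aaaa...".
    let distinct = s.bytes().collect::<HashSet<u8>>().len();
    if distinct < 8 {
        return Err(SecretError::LowVariety { distinct });
    }
    Ok(s.as_bytes().to_vec())
}

/// Called once at startup; the caller aborts on Err instead of defaulting.
pub fn load_jwt_secret() -> Result<Vec<u8>, SecretError> {
    check_secret(env::var(SECRET_ENV).ok().as_deref())
}

fn main() {
    match load_jwt_secret() {
        Ok(key) => println!("JWT secret accepted ({} bytes)", key.len()),
        Err(e) => {
            eprintln!("refusing to start: {:?}", e);
            std::process::exit(1);
        }
    }
}
```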


MEDIUM PRIORITY (P2) - Fix Within 2 Weeks

7. Passkey Implementation - Incomplete

  • botserver/src/security/passkey.rs - Implementation present but incomplete
  • botserver/src/security/passkey_service.rs - Service layer incomplete

Action: Complete passkey registration/authentication flow

8. RBAC - Anonymous Access

  • botserver/src/main_module/server.rs - Some routes may allow excessive anonymous access

Action: Audit all route permissions, minimize anonymous endpoints

9. Path Traversal Risks

  • botserver/src/security/path_guard.rs exists but needs usage audit
  • File operations in botserver/src/basic/keywords/file_ops/

Action: Ensure all file operations use path_guard validation

10. Rate Limiting Coverage

  • Governor-based rate limiting exists but is not applied uniformly
  • WhatsApp-specific rate limiter at botserver/src/core/bot/channels/whatsapp_rate_limiter.rs

Action: Apply consistent rate limiting to ALL API endpoints


LOW PRIORITY (P3) - Fix Within 1 Month

11. Error Sanitization Coverage

  • 67 instances using log_and_sanitize found
  • Coverage good in security/rbac.rs, basic/keywords/db_api.rs
  • Missing in some API handlers

Action: Ensure ALL HTTP error responses use error_sanitizer

12. Security Headers

  • botserver/src/security/headers.rs - Comprehensive implementation exists
  • Tests at lines 476-625

Action: Verify all responses include security headers

13. Audit Logging

  • botserver/src/security/audit.rs - Module exists
  • Need coverage verification for all security events

Action: Audit event coverage review

14. Secrets Management

  • Vault integration via vaultrs exists
  • Ensure all secrets are loaded from /tmp/, not hardcoded

Action: Verify secrets loading from /tmp/vault-*


VERIFICATION COMMANDS

Dependency Audit

cargo audit
cargo deny check

Code Quality

cargo clippy --workspace  # Target: 0 warnings

Security Tests

cargo test -p botserver security
# Find Command::new
grep -r "Command::new" botserver/src --include="*.rs" | grep -v SafeCommand | grep -v "// Safe"

# Find unwrap/expect
grep -r "\.unwrap()\|\.expect(" botserver/src --include="*.rs" | wc -l

# Find format! with SQL
grep -r 'format!.*SELECT\|format!.*INSERT\|format!.*UPDATE\|format!.*DELETE' botserver/src --include="*.rs"

SECURITY MODULES STATUS

| Module | Status | Notes |
|---|---|---|
| sql_guard | Good | Used in db_api, search, find |
| command_guard | Good | SafeCommand widely adopted |
| csrf | Good | Full implementation with Redis store |
| error_sanitizer | Good | 67 usage instances |
| jwt | ⚠️ Review | Default secret, unwrap usage |
| rate_limiter | Good | Governor-based |
| headers | ⚠️ Review | CSP needs hardening |
| passkey | Incomplete | Needs completion |
| audit | Good | Module exists |
| rbac | ⚠️ Review | Anonymous access audit needed |

TASK BATCH STRATEGY

Batch 1 - Command Execution (64 files)

  1. Search all Command::new occurrences
  2. Replace with SafeCommand::new
  3. Verify with clippy

Batch 2 - Unwrap/Expect (647 instances)

  1. Sort by file frequency
  2. Fix highest-volume files first:
    • whatsapp/mod.rs (30+)
    • llm/mod.rs (15+)
    • security/jwt.rs (20+)
  3. Use offline fix approach

Batch 3 - SQL Queries (19 instances)

  1. Verify sql_guard usage
  2. Add validate_table_name calls
  3. Test SQL injection resistance

Generated: 2026-03-11
Analysis: Automated grep + code review
Target: Zero critical/high security issues