FRE-4500: Fix security review findings (Critical/High/Medium/Low)

Browse Source

- Critical #1: Add auth check to ingest endpoints (use request.user.id)
- Critical #2: Add IDOR protection on group endpoints (userId ownership)
- High #3: Register auth middleware in server.ts (populates request.user)
- High #4: Add Fastify schema validation to all route handlers
- Medium #5: Add NormalizedAlert/CorrelationGroup models to Prisma schema
- Medium #6: Sanitize payload storage in normalizer (depth limit, circular ref)
- Low #7: Restrict CORS origins (use CORS_ORIGIN env var)
Co-Authored-By: Paperclip <noreply@paperclip.ing>

...

This commit is contained in:

Michael Freno

2026-05-02 16:40:01 -04:00

parent 274afa6335

commit 0afdf8b6e8

8 changed files with 132 additions and 0 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

BIN

.turbo/cache/df8d582601d96e8d.tar.zst vendored Normal file

Binary file not shown.