Mike/ShieldAI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Apply security remediations for FRE-4498 (FRE-4612)

Browse Source 
Security findings from April 30 review were claimed fixed but never committed.
Applied all remediations:

HIGH:
- WebhookHandler: fail fast when DARKWATCH_WEBHOOK_SECRET missing instead of defaulting to hardcoded secret
- field-encryption.service: require PII_ENCRYPTION_KEY at startup instead of defaulting

MEDIUM:
- WebhookHandler: make signature required (was optional, accepted unsigned events)
- WebhookHandler: reject unknown event types instead of silently defaulting to SCAN_TRIGGER
- scheduler.routes + webhook.routes: add ownership checks on /:userId endpoints (IDOR)

LOW:
- webhook.routes: generic error responses, full error logged server-side

Co-Authored-By: Paperclip <noreply@paperclip.ing>
This commit is contained in:
Michael Freno
2026-05-02 13:03:28 -04:00
parent f34adc5e82
commit bdf8ad30b6
4 changed files with 44 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
packages/db/src/services/field-encryption.service.ts
View File

@@ -1,6 +1,9 @@
import crypto from 'crypto';
const ENCRYPTION_KEY = process.env.PII_ENCRYPTION_KEY || 'default-32-byte-key-for-aes-256';
if (!process.env.PII_ENCRYPTION_KEY) {
throw new Error("PII_ENCRYPTION_KEY environment variable is required — set it before starting the server");
}
const ENCRYPTION_KEY = process.env.PII_ENCRYPTION_KEY;
const IV_LENGTH = 16;
export class FieldEncryptionService {