akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity
Files
93894c517b311e1ae1550eca71670d646d2b32d2
Charon/docs
History
GitHub Actions 93894c517b fix(security): resolve API key logging vulnerability and enhance import validation 
Critical security fix addressing CWE-312/315/359 (Cleartext Storage/Cookie
Storage/Privacy Exposure) where CrowdSec bouncer API keys were logged in cleartext.
Implemented maskAPIKey() utility to show only first 4 and last 4 characters,
protecting sensitive credentials in production logs.

Enhanced CrowdSec configuration import validation with:
- Zip bomb protection via 100x compression ratio limit
- Format validation rejecting zip archives (only tar.gz allowed)
- CrowdSec-specific YAML structure validation
- Rollback mechanism on validation failures

UX improvement: moved CrowdSec API key display from Security Dashboard to
CrowdSec Config page for better logical organization.

Comprehensive E2E test coverage:
- Created 10 test scenarios including valid import, missing files, invalid YAML,
  zip bombs, wrong formats, and corrupted archives
- 87/108 E2E tests passing (81% pass rate, 0 regressions)

Security validation:
- CodeQL: 0 CWE-312/315/359 findings (vulnerability fully resolved)
- Docker Image: 7 HIGH base image CVEs documented (non-blocking, Debian upstream)
- Pre-commit hooks: 13/13 passing (fixed 23 total linting issues)

Backend coverage: 82.2% (+1.1%)
Frontend coverage: 84.19% (+0.3%)
2026-02-04 00:12:13 +00:00
..
actions
fix: resolve three CI workflow failures blocking deployments
2026-01-30 07:13:59 +00:00
analysis
fix(e2e): resolve emergency-token.spec.ts Test 1 failure
2026-01-28 23:18:14 +00:00
api
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
configuration
fix(ci): resolve E2E test failures - emergency server ports and deterministic ACL disable
2026-01-27 01:50:36 +00:00
decisions
fix(e2e): resolve test timeout issues and improve reliability
2026-02-02 18:53:30 +00:00
development
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
features
feat: Add CrowdSec Bouncer Key Display component and integrate into Security page
2026-02-03 21:07:16 +00:00
guides
feat: Add CrowdSec Bouncer Key Display component and integrate into Security page
2026-02-03 21:07:16 +00:00
implementation
fix(security): resolve API key logging vulnerability and enhance import validation
2026-02-04 00:12:13 +00:00
issues
chore: move processed issue files to created/
2026-02-03 18:26:50 +00:00
maintenance
COMMIT_MESSAGE_START
2026-02-02 13:31:56 +00:00
performance
fix(tests): enhance system settings tests with feature flag propagation and retry logic
2026-02-02 01:14:46 +00:00
plans
fix(security): resolve API key logging vulnerability and enhance import validation
2026-02-04 00:12:13 +00:00
reports
fix(security): resolve API key logging vulnerability and enhance import validation
2026-02-04 00:12:13 +00:00
runbooks
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
security
fix(security): resolve API key logging vulnerability and enhance import validation
2026-02-04 00:12:13 +00:00
testing
fix(e2e): implement performance tracking for shard execution and API call metrics
2026-02-02 21:32:27 +00:00
troubleshooting
fix(e2e): resolve test timeout issues and improve reliability
2026-02-02 18:53:30 +00:00
acme-staging.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
AGENT_SKILLS_MIGRATION.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
api.md
fix: remediate 5 failing E2E tests and fix Caddyfile import API contract
2026-02-01 06:51:06 +00:00
beta_release_draft_pr_body_snapshot.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
beta_release_draft_pr.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
beta_release_pr_body.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
cerberus.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
crowdsec-auto-start-quickref.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
database-maintenance.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
database-schema.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
debugging-local-container.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
features.md
feat: Add CrowdSec Bouncer Key Display component and integrate into Security page
2026-02-03 21:07:16 +00:00
getting-started.md
fix: restore PATCH endpoints used by E2E + emergency-token fallback
2026-01-27 22:43:33 +00:00
github-setup.md
fix: restore PATCH endpoints used by E2E + emergency-token fallback
2026-01-27 22:43:33 +00:00
i18n-examples.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
import-guide.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
index.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
live-logs-guide.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
migration-guide-crowdsec-auto-start.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
migration-guide.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
SECURITY_PRACTICES.md
fix(security): resolve API key logging vulnerability and enhance import validation
2026-02-04 00:12:13 +00:00
security-incident-response.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
security.md
fix(ci): resolve E2E test failures - emergency server ports and deterministic ACL disable
2026-01-27 01:50:36 +00:00
SUPPLY_CHAIN_SECURITY_FIXES.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00
SUPPLY_CHAIN_VULNERABILITY_GUIDE.md
chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00