chore: import upstream snapshot with attribution
OSV-Scanner (Scheduled) / scan-scheduled (push) Failing after 0s
Create Release / test-gate (push) Has been cancelled
Create Release / release-gate (push) Has been cancelled
Create Release / ci-gate (push) Has been cancelled
Create Release / version-check (push) Has been cancelled
Create Release / e2e-test-gate (push) Has been cancelled
Create Release / responsive-test-gate (push) Has been cancelled
Create Release / compat-test-gate (push) Has been cancelled
Create Release / compose-integration-gate (push) Has been cancelled
Create Release / vulture-gate (push) Has been cancelled
Create Release / build (push) Has been cancelled
Create Release / provenance (push) Has been cancelled
Create Release / prerelease-docker (push) Has been cancelled
Create Release / publish-docker (push) Has been cancelled
Create Release / create-release (push) Has been cancelled
Create Release / cleanup-changelog (push) Has been cancelled
Create Release / trigger-pypi (push) Has been cancelled
Create Release / monitor-pypi (push) Has been cancelled
Create Release / Clean up orphan prerelease tags and signatures (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-form] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-metrics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-workflow] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-core] (push) Has been cancelled
CodeQL Advanced / Analyze (javascript-typescript) (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [history-news] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [library] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [link-analytics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-core] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-lifecycle] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [error-benchmark] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) (push) Has been cancelled
Docker Tests (Consolidated) / Accessibility Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Unit Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Example Tests (push) Has been cancelled
Docker Tests (Consolidated) / Production Image Smoke Test (push) Has been cancelled
Docker Tests (Consolidated) / Infrastructure Tests (push) Has been cancelled
OSSF Scorecard / OSSF Security Scorecard Analysis (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [mobile] (push) Has been cancelled
Backwards Compatibility / Verify Encryption Constants (push) Has been cancelled
Backwards Compatibility / PyPI Version Compatibility (push) Has been cancelled
Backwards Compatibility / Database Migration Tests (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Docker Tests (Consolidated) / detect-changes (push) Has been cancelled
Docker Tests (Consolidated) / Build Test Image (push) Has been cancelled
Docker Tests (Consolidated) / All Pytest Tests + Coverage (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [accessibility] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [api-crud] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-login] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-register] (push) Has been cancelled
OSV-Scanner (Scheduled) / scan-scheduled (push) Failing after 0s
Create Release / test-gate (push) Has been cancelled
Create Release / release-gate (push) Has been cancelled
Create Release / ci-gate (push) Has been cancelled
Create Release / version-check (push) Has been cancelled
Create Release / e2e-test-gate (push) Has been cancelled
Create Release / responsive-test-gate (push) Has been cancelled
Create Release / compat-test-gate (push) Has been cancelled
Create Release / compose-integration-gate (push) Has been cancelled
Create Release / vulture-gate (push) Has been cancelled
Create Release / build (push) Has been cancelled
Create Release / provenance (push) Has been cancelled
Create Release / prerelease-docker (push) Has been cancelled
Create Release / publish-docker (push) Has been cancelled
Create Release / create-release (push) Has been cancelled
Create Release / cleanup-changelog (push) Has been cancelled
Create Release / trigger-pypi (push) Has been cancelled
Create Release / monitor-pypi (push) Has been cancelled
Create Release / Clean up orphan prerelease tags and signatures (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-form] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-metrics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-workflow] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-core] (push) Has been cancelled
CodeQL Advanced / Analyze (javascript-typescript) (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [history-news] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [library] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [link-analytics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-core] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-lifecycle] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [error-benchmark] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) (push) Has been cancelled
Docker Tests (Consolidated) / Accessibility Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Unit Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Example Tests (push) Has been cancelled
Docker Tests (Consolidated) / Production Image Smoke Test (push) Has been cancelled
Docker Tests (Consolidated) / Infrastructure Tests (push) Has been cancelled
OSSF Scorecard / OSSF Security Scorecard Analysis (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [mobile] (push) Has been cancelled
Backwards Compatibility / Verify Encryption Constants (push) Has been cancelled
Backwards Compatibility / PyPI Version Compatibility (push) Has been cancelled
Backwards Compatibility / Database Migration Tests (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Docker Tests (Consolidated) / detect-changes (push) Has been cancelled
Docker Tests (Consolidated) / Build Test Image (push) Has been cancelled
Docker Tests (Consolidated) / All Pytest Tests + Coverage (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [accessibility] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [api-crud] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-login] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-register] (push) Has been cancelled
This commit is contained in:
@@ -0,0 +1,109 @@
|
||||
# Security Review Process
|
||||
|
||||
## Overview
|
||||
|
||||
This repository uses an automated alert system to highlight when PRs modify security-critical files. Instead of blocking development, we provide clear warnings and checklists to ensure dangerous changes get proper scrutiny.
|
||||
|
||||
## How It Works
|
||||
|
||||
### 🚨 Automatic Detection
|
||||
When a PR modifies any of these files:
|
||||
- Database encryption (`encrypted_db.py`, `sqlcipher_*.py`)
|
||||
- Authentication (`/auth/` directory, `password*.py`)
|
||||
- Security utilities (`/security/` directory)
|
||||
- Encryption/decryption code (`*encrypt*.py`, `*decrypt*.py`, `*crypto*.py`)
|
||||
|
||||
The CI will:
|
||||
1. **Post a prominent warning comment** with security-specific review checklist
|
||||
2. **Add labels** to the PR (`security-review-needed`, `touches-encryption`, etc.)
|
||||
3. **Create a status check** showing "Security Review Required" (informational, not blocking)
|
||||
|
||||
### 📋 Review Checklists
|
||||
|
||||
The bot creates specific checklists based on what was modified:
|
||||
|
||||
#### For Encryption Changes:
|
||||
- SQLCipher pragma order (key must come first)
|
||||
- No hardcoded keys
|
||||
- Backward compatibility
|
||||
- Migration paths
|
||||
|
||||
#### For Authentication Changes:
|
||||
- No auth bypasses
|
||||
- Secure session handling
|
||||
- Proper password hashing
|
||||
- No privilege escalation
|
||||
|
||||
#### For All Security Changes:
|
||||
- No exposed secrets
|
||||
- No debug bypasses
|
||||
- Safe error messages
|
||||
- Secure logging
|
||||
|
||||
## For Developers
|
||||
|
||||
### When You Modify Security Files:
|
||||
|
||||
1. **Expect the warning** - It's not a failure, just a heads-up
|
||||
2. **Self-review first** - Go through the checklist yourself
|
||||
3. **Document your changes** - Explain WHY the security code needed to change
|
||||
4. **Test thoroughly** - Especially with existing encrypted databases
|
||||
5. **Be patient** - Security reviews take time
|
||||
|
||||
### Red Flags to Avoid:
|
||||
|
||||
❌ Changing pragma order in SQLCipher code
|
||||
❌ Adding "temporary" auth bypasses
|
||||
❌ Logging passwords or encryption keys
|
||||
❌ Hardcoding credentials
|
||||
❌ Disabling security checks "for testing"
|
||||
|
||||
## For Reviewers
|
||||
|
||||
### When You See the Warning:
|
||||
|
||||
1. **Take it seriously** - These files can break security if done wrong
|
||||
2. **Go through the checklist** - Don't just check boxes, verify each item
|
||||
3. **Test locally** - Especially encryption changes with real databases
|
||||
4. **Ask questions** - If something seems off, dig deeper
|
||||
5. **Get a second opinion** - For CRITICAL changes, ask another reviewer
|
||||
|
||||
### What Caused Our Previous Issue:
|
||||
|
||||
The SQLCipher pragma order bug that corrupted databases happened because:
|
||||
- Pragmas were applied BEFORE setting the encryption key
|
||||
- This wasn't caught in review despite being in "hotfix" branch
|
||||
- The change seemed logical but was actually breaking
|
||||
|
||||
**Lesson:** Even "obvious" changes to encryption code need careful review!
|
||||
|
||||
## The Philosophy
|
||||
|
||||
- **Warnings, not blocks** - We trust developers but want awareness
|
||||
- **Specific guidance** - Checklists for what to look for
|
||||
- **Risk-based** - More critical files get scarier warnings
|
||||
- **Educational** - Help reviewers know what to check
|
||||
|
||||
## Labels Added Automatically
|
||||
|
||||
- `security-review-needed` - Always added for security files
|
||||
- `touches-encryption` - Database encryption modified
|
||||
- `touches-authentication` - Auth system modified
|
||||
- `critical-changes` - Multiple security systems affected
|
||||
|
||||
## It's Not Perfect
|
||||
|
||||
This system won't catch everything:
|
||||
- Logic bugs in security code
|
||||
- Subtle vulnerabilities
|
||||
- Dependencies with security issues
|
||||
|
||||
It's meant to make reviewers **pause and think** when touching dangerous code.
|
||||
|
||||
## Questions?
|
||||
|
||||
If you're unsure about a security change:
|
||||
1. Ask in the PR for additional reviewers
|
||||
2. Test with production-like data
|
||||
3. Consider doing a security-focused code review session
|
||||
4. When in doubt, be more cautious
|
||||
Reference in New Issue
Block a user