Files
wehub-resource-sync 7a0da7932b
OSV-Scanner (Scheduled) / scan-scheduled (push) Failing after 0s
Create Release / test-gate (push) Has been cancelled
Create Release / release-gate (push) Has been cancelled
Create Release / ci-gate (push) Has been cancelled
Create Release / version-check (push) Has been cancelled
Create Release / e2e-test-gate (push) Has been cancelled
Create Release / responsive-test-gate (push) Has been cancelled
Create Release / compat-test-gate (push) Has been cancelled
Create Release / compose-integration-gate (push) Has been cancelled
Create Release / vulture-gate (push) Has been cancelled
Create Release / build (push) Has been cancelled
Create Release / provenance (push) Has been cancelled
Create Release / prerelease-docker (push) Has been cancelled
Create Release / publish-docker (push) Has been cancelled
Create Release / create-release (push) Has been cancelled
Create Release / cleanup-changelog (push) Has been cancelled
Create Release / trigger-pypi (push) Has been cancelled
Create Release / monitor-pypi (push) Has been cancelled
Create Release / Clean up orphan prerelease tags and signatures (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-form] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-metrics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [research-workflow] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-core] (push) Has been cancelled
CodeQL Advanced / Analyze (javascript-typescript) (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [history-news] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [library] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [link-analytics] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-core] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [chat-lifecycle] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [error-benchmark] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [settings-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) (push) Has been cancelled
Docker Tests (Consolidated) / Accessibility Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Unit Tests (push) Has been cancelled
Docker Tests (Consolidated) / LLM Example Tests (push) Has been cancelled
Docker Tests (Consolidated) / Production Image Smoke Test (push) Has been cancelled
Docker Tests (Consolidated) / Infrastructure Tests (push) Has been cancelled
OSSF Scorecard / OSSF Security Scorecard Analysis (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [mobile] (push) Has been cancelled
Backwards Compatibility / Verify Encryption Constants (push) Has been cancelled
Backwards Compatibility / PyPI Version Compatibility (push) Has been cancelled
Backwards Compatibility / Database Migration Tests (push) Has been cancelled
CodeQL Advanced / Analyze (python) (push) Has been cancelled
Docker Tests (Consolidated) / detect-changes (push) Has been cancelled
Docker Tests (Consolidated) / Build Test Image (push) Has been cancelled
Docker Tests (Consolidated) / All Pytest Tests + Coverage (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [accessibility] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [api-crud] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-login] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-pages] (push) Has been cancelled
Docker Tests (Consolidated) / UI Tests (Puppeteer) [auth-register] (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:08:55 +08:00

110 lines
3.6 KiB
Markdown

# Security Review Process
## Overview
This repository uses an automated alert system to highlight when PRs modify security-critical files. Instead of blocking development, we provide clear warnings and checklists to ensure dangerous changes get proper scrutiny.
## How It Works
### 🚨 Automatic Detection
When a PR modifies any of these files:
- Database encryption (`encrypted_db.py`, `sqlcipher_*.py`)
- Authentication (`/auth/` directory, `password*.py`)
- Security utilities (`/security/` directory)
- Encryption/decryption code (`*encrypt*.py`, `*decrypt*.py`, `*crypto*.py`)
The CI will:
1. **Post a prominent warning comment** with security-specific review checklist
2. **Add labels** to the PR (`security-review-needed`, `touches-encryption`, etc.)
3. **Create a status check** showing "Security Review Required" (informational, not blocking)
### 📋 Review Checklists
The bot creates specific checklists based on what was modified:
#### For Encryption Changes:
- SQLCipher pragma order (key must come first)
- No hardcoded keys
- Backward compatibility
- Migration paths
#### For Authentication Changes:
- No auth bypasses
- Secure session handling
- Proper password hashing
- No privilege escalation
#### For All Security Changes:
- No exposed secrets
- No debug bypasses
- Safe error messages
- Secure logging
## For Developers
### When You Modify Security Files:
1. **Expect the warning** - It's not a failure, just a heads-up
2. **Self-review first** - Go through the checklist yourself
3. **Document your changes** - Explain WHY the security code needed to change
4. **Test thoroughly** - Especially with existing encrypted databases
5. **Be patient** - Security reviews take time
### Red Flags to Avoid:
❌ Changing pragma order in SQLCipher code
❌ Adding "temporary" auth bypasses
❌ Logging passwords or encryption keys
❌ Hardcoding credentials
❌ Disabling security checks "for testing"
## For Reviewers
### When You See the Warning:
1. **Take it seriously** - These files can break security if done wrong
2. **Go through the checklist** - Don't just check boxes, verify each item
3. **Test locally** - Especially encryption changes with real databases
4. **Ask questions** - If something seems off, dig deeper
5. **Get a second opinion** - For CRITICAL changes, ask another reviewer
### What Caused Our Previous Issue:
The SQLCipher pragma order bug that corrupted databases happened because:
- Pragmas were applied BEFORE setting the encryption key
- This wasn't caught in review despite being in "hotfix" branch
- The change seemed logical but was actually breaking
**Lesson:** Even "obvious" changes to encryption code need careful review!
## The Philosophy
- **Warnings, not blocks** - We trust developers but want awareness
- **Specific guidance** - Checklists for what to look for
- **Risk-based** - More critical files get scarier warnings
- **Educational** - Help reviewers know what to check
## Labels Added Automatically
- `security-review-needed` - Always added for security files
- `touches-encryption` - Database encryption modified
- `touches-authentication` - Auth system modified
- `critical-changes` - Multiple security systems affected
## It's Not Perfect
This system won't catch everything:
- Logic bugs in security code
- Subtle vulnerabilities
- Dependencies with security issues
It's meant to make reviewers **pause and think** when touching dangerous code.
## Questions?
If you're unsure about a security change:
1. Ask in the PR for additional reviewers
2. Test with production-like data
3. Consider doing a security-focused code review session
4. When in doubt, be more cautious