mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
01639fff957e204177cab4b79ef0645640566a99
stack/apps/api/src/federation
History
Jason Woltje 01639fff95 feat(#285): Add input sanitization for XSS prevention 
Security improvements:
- Create sanitization utility using sanitize-html library
- Add @Sanitize() and @SanitizeObject() decorators for DTOs
- Apply sanitization to vulnerable fields:
  - Connection rejection/disconnection reasons
  - Connection metadata
  - Identity linking metadata
  - Command payloads
- Remove script tags, event handlers, javascript: URLs
- Prevent data exfiltration, CSS-based XSS, SVG-based XSS

Changes:
- Add sanitize.util.ts with recursive sanitization functions
- Add sanitize.decorator.ts for class-transformer integration
- Update connection.dto.ts with sanitization decorators
- Update identity-linking.dto.ts with sanitization decorators
- Update command.dto.ts with sanitization decorators
- Add comprehensive test coverage including attack vectors

Part of M7.1 Remediation Sprint P1 security fixes.

Fixes #285

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-03 21:47:32 -06:00
..
dto
feat(#285): Add input sanitization for XSS prevention
2026-02-03 21:47:32 -06:00
errors
Fix QA validation issues and add M7.1 security fixes (#318)
2026-02-04 03:08:09 +00:00
guards
feat(#273): Implement capability-based authorization for federation
2026-02-03 19:53:09 -06:00
types
feat(#93): implement agent spawn via federation
2026-02-03 14:37:06 -06:00
utils
fix(#279): Validate orchestrator URL configuration (SSRF risk)
2026-02-03 20:47:41 -06:00
audit.service.ts
fix(#279): Validate orchestrator URL configuration (SSRF risk)
2026-02-03 20:47:41 -06:00
command.controller.spec.ts
feat(#89): implement COMMAND message type for federation
2026-02-03 13:30:16 -06:00
command.controller.ts
feat(#89): implement COMMAND message type for federation
2026-02-03 13:30:16 -06:00
command.service.spec.ts
fix(#283): Enforce connection status validation in queries
2026-02-03 21:32:47 -06:00
command.service.ts
fix(#283): Enforce connection status validation in queries
2026-02-03 21:32:47 -06:00
connection.service.spec.ts
feat(#284): Reduce timestamp validation window to 60s with replay attack prevention
2026-02-03 21:43:01 -06:00
connection.service.ts
feat(#284): Reduce timestamp validation window to 60s with replay attack prevention
2026-02-03 21:43:01 -06:00
crypto.service.spec.ts
fix(#289): Prevent private key decryption error data leaks
2026-02-03 21:35:15 -06:00
crypto.service.ts
fix(#289): Prevent private key decryption error data leaks
2026-02-03 21:35:15 -06:00
event.controller.spec.ts
feat(#90): implement EVENT subscriptions for federation
2026-02-03 13:45:00 -06:00
event.controller.ts
feat(#90): implement EVENT subscriptions for federation
2026-02-03 13:45:00 -06:00
event.service.spec.ts
feat(#90): implement EVENT subscriptions for federation
2026-02-03 13:45:00 -06:00
event.service.ts
feat(#90): implement EVENT subscriptions for federation
2026-02-03 13:45:00 -06:00
federation-agent.service.spec.ts
Fix QA validation issues and add M7.1 security fixes (#318)
2026-02-04 03:08:09 +00:00
federation-agent.service.ts
Fix QA validation issues and add M7.1 security fixes (#318)
2026-02-04 03:08:09 +00:00
federation-auth.controller.spec.ts
fix(#271): implement OIDC token validation (authentication bypass)
2026-02-03 16:50:06 -06:00
federation-auth.controller.ts
fix: resolve TypeScript errors in orchestrator and API
2026-02-03 20:07:49 -06:00
federation.controller.spec.ts
feat(#94): implement spoke configuration UI
2026-02-03 14:51:59 -06:00
federation.controller.ts
fix(#278): Implement CSRF protection using double-submit cookie pattern
2026-02-03 20:35:00 -06:00
federation.module.ts
feat(#284): Reduce timestamp validation window to 60s with replay attack prevention
2026-02-03 21:43:01 -06:00
federation.service.spec.ts
fix(#288): Upgrade RSA key size to 4096 bits
2026-02-03 21:33:57 -06:00
federation.service.ts
fix(#288): Upgrade RSA key size to 4096 bits
2026-02-03 21:33:57 -06:00
http-timeout.spec.ts
Fix QA validation issues and add M7.1 security fixes (#318)
2026-02-04 03:08:09 +00:00
identity-linking.controller.spec.ts
fix(#290): Secure identity verification endpoint
2026-02-03 21:36:31 -06:00
identity-linking.controller.ts
fix(#290): Secure identity verification endpoint
2026-02-03 21:36:31 -06:00
identity-linking.service.spec.ts
feat(#87): implement cross-instance identity linking for federation
2026-02-03 12:55:37 -06:00
identity-linking.service.ts
fix(#271): implement OIDC token validation (authentication bypass)
2026-02-03 16:50:06 -06:00
identity-resolution.service.spec.ts
feat(#87): implement cross-instance identity linking for federation
2026-02-03 12:55:37 -06:00
identity-resolution.service.ts
feat(#87): implement cross-instance identity linking for federation
2026-02-03 12:55:37 -06:00
index.ts
feat(#273): Implement capability-based authorization for federation
2026-02-03 19:53:09 -06:00
oidc.service.spec.ts
fix(#271): implement OIDC token validation (authentication bypass)
2026-02-03 16:50:06 -06:00
oidc.service.ts
fix(#271): implement OIDC token validation (authentication bypass)
2026-02-03 16:50:06 -06:00
query.controller.spec.ts
feat(#88): implement QUERY message type for federation
2026-02-03 13:12:12 -06:00
query.controller.ts
feat(#88): implement QUERY message type for federation
2026-02-03 13:12:12 -06:00
query.service.spec.ts
fix(#283): Enforce connection status validation in queries
2026-02-03 21:32:47 -06:00
query.service.ts
fix(#283): Enforce connection status validation in queries
2026-02-03 21:32:47 -06:00
signature.service.spec.ts
feat(#284): Reduce timestamp validation window to 60s with replay attack prevention
2026-02-03 21:43:01 -06:00
signature.service.ts
feat(#284): Reduce timestamp validation window to 60s with replay attack prevention
2026-02-03 21:43:01 -06:00