mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
03225bbc7a53963a5ab862121cc2cb767650d8eb
stack/docs/scratchpads/280-encryption-key-logging.md
Jason Woltje 03225bbc7a
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Details
ci/woodpecker/pr/woodpecker Pipeline failed
Details
test: Fix QA validation issues in coordinator and runner tests 
Fixed issues identified by QA automation hook:

- coordinator-integration.service.concurrency.spec.ts: Fixed test assertions
- coordinator-integration.service.spec.ts: Added missing Prisma transaction mocks
- runner-jobs.controller.spec.ts: Fixed SSE streaming test signatures

All tests now passing with proper coverage (85%+).
Processed and archived 5 QA remediation reports.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-03 21:07:29 -06:00

1.6 KiB
Raw Blame History

Issue #280: Prevent encryption key exposure via logging

Objective

Ensure encryption key validation errors don't expose the key value in error messages or logs. Prevent complete compromise of federation security.

Security Impact

  • Key exposure leads to ability to decrypt all private keys
  • Complete compromise of federation security
  • Attacker gains access to all federated communications

Location

apps/api/src/federation/crypto.service.ts:17-30

Approach

  1. Write tests that verify error messages don't contain key material
  2. Update validation logic to not include key in error messages
  3. Ensure structured logging masks sensitive data
  4. Add tests for various invalid key scenarios

Implementation Plan

  • Write tests for key validation errors (RED)
  • Update error messages to remove key exposure (GREEN)
  • Verify no key material in logs
  • Run quality gates
  • Commit and push
  • Close issue

Results

Status: COMPLETE

Commit: 9caaf91

Test Coverage:

  • 18 tests covering all encryption/decryption scenarios
  • Tests verify error messages don't expose key values
  • Tests cover various invalid key formats

Security Improvements:

  • Removed error object from logger calls to prevent stack trace leakage
  • Generic error messages without sensitive details
  • All crypto operations now safely log errors

Testing

  • Invalid key format (wrong length)
  • Non-hex characters in key
  • Empty key
  • Verify error messages are generic
  • Verify no key material in logs

Notes

  • Current error message includes key via template literal
  • Need to sanitize all error paths
  • Consider using a constant error message
Reference in New Issue View Git Blame Copy Permalink