Jason Woltje
a1973e6419
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Co-authored-by: Jason Woltje <jason@diversecanvas.com> Co-committed-by: Jason Woltje <jason@diversecanvas.com>
1.6 KiB
1.6 KiB
Issue #280: Prevent encryption key exposure via logging
Objective
Ensure encryption key validation errors don't expose the key value in error messages or logs. Prevent complete compromise of federation security.
Security Impact
- Key exposure leads to ability to decrypt all private keys
- Complete compromise of federation security
- Attacker gains access to all federated communications
Location
apps/api/src/federation/crypto.service.ts:17-30
Approach
- Write tests that verify error messages don't contain key material
- Update validation logic to not include key in error messages
- Ensure structured logging masks sensitive data
- Add tests for various invalid key scenarios
Implementation Plan
- Write tests for key validation errors (RED)
- Update error messages to remove key exposure (GREEN)
- Verify no key material in logs
- Run quality gates
- Commit and push
- Close issue
Results
Status: ✅ COMPLETE
Commit: 9caaf91
Test Coverage:
- 18 tests covering all encryption/decryption scenarios
- Tests verify error messages don't expose key values
- Tests cover various invalid key formats
Security Improvements:
- Removed error object from logger calls to prevent stack trace leakage
- Generic error messages without sensitive details
- All crypto operations now safely log errors
Testing
- Invalid key format (wrong length)
- Non-hex characters in key
- Empty key
- Verify error messages are generic
- Verify no key material in logs
Notes
- Current error message includes key via template literal
- Need to sanitize all error paths
- Consider using a constant error message