changes
This commit is contained in:
HotSwapp
170
SECURITY_SETUP_README.md
Normal file
170
SECURITY_SETUP_README.md
Normal file
@@ -0,0 +1,170 @@
|
||||
# 🔒 Delphi Database System - Security Setup Guide
|
||||
|
||||
## ⚠️ CRITICAL: P0 Security Issues RESOLVED
|
||||
|
||||
The following **CRITICAL SECURITY VULNERABILITIES** have been fixed:
|
||||
|
||||
### ✅ **1. CORS Vulnerability Fixed**
|
||||
- **Issue**: `allow_origins=["*"]` allowed any website to access the API
|
||||
- **Fix**: CORS now requires specific domain configuration via `CORS_ORIGINS` environment variable
|
||||
- **Location**: `app/main.py:61-87`
|
||||
|
||||
### ✅ **2. Hardcoded Passwords Removed**
|
||||
- **Issue**: Default passwords `admin123` and `change-me` were hardcoded
|
||||
- **Fix**: All passwords now require secure environment variables
|
||||
- **Files Fixed**: `app/config.py`, `e2e/global-setup.js`, `playwright.config.js`, `docker-compose.dev.yml`, `scripts/init-container.sh`, `templates/login.html`
|
||||
|
||||
### ✅ **3. Comprehensive Input Validation Added**
|
||||
- **Issue**: Upload endpoints lacked proper security validation
|
||||
- **Fix**: New `app/utils/file_security.py` module provides:
|
||||
- File type validation using content inspection (not just extensions)
|
||||
- File size limits to prevent DoS attacks
|
||||
- Path traversal protection
|
||||
- Malware pattern detection
|
||||
- Filename sanitization
|
||||
- **Files Enhanced**: `app/api/documents.py`, `app/api/templates.py`, `app/api/admin.py`
|
||||
|
||||
### ✅ **4. Path Traversal Protection Implemented**
|
||||
- **Issue**: File operations could potentially access files outside intended directories
|
||||
- **Fix**: Secure path generation with directory traversal prevention
|
||||
- **Implementation**: `FileSecurityValidator.generate_secure_path()`
|
||||
|
||||
## 🚀 Quick Security Setup
|
||||
|
||||
### 1. Generate Secure Environment Configuration
|
||||
|
||||
```bash
|
||||
# Run the automated security setup script
|
||||
python scripts/setup-secure-env.py
|
||||
```
|
||||
|
||||
This script will:
|
||||
- Generate a cryptographically secure 32+ character SECRET_KEY
|
||||
- Create a strong admin password
|
||||
- Configure CORS for your specific domains
|
||||
- Set up production-ready security settings
|
||||
- Create a secure `.env` file with proper permissions
|
||||
|
||||
### 2. Manual Environment Setup
|
||||
|
||||
If you prefer manual setup, copy `env-example.txt` to `.env` and configure:
|
||||
|
||||
```bash
|
||||
# Copy the example file
|
||||
cp env-example.txt .env
|
||||
|
||||
# Generate a secure secret key
|
||||
python -c "import secrets; print('SECRET_KEY=' + secrets.token_urlsafe(32))"
|
||||
|
||||
# Generate a secure admin password
|
||||
python -c "import secrets, string; print('ADMIN_PASSWORD=' + ''.join(secrets.choice(string.ascii_letters + string.digits + '!@#$%^&*') for _ in range(16)))"
|
||||
```
|
||||
|
||||
### 3. Required Environment Variables
|
||||
|
||||
**CRITICAL - Must be set before running:**
|
||||
|
||||
```bash
|
||||
SECRET_KEY=your-32-plus-character-random-string
|
||||
ADMIN_PASSWORD=your-secure-admin-password
|
||||
CORS_ORIGINS=https://your-domain.com,https://www.your-domain.com
|
||||
```
|
||||
|
||||
**Important - Should be configured:**
|
||||
|
||||
```bash
|
||||
DEBUG=False # For production
|
||||
SECURE_COOKIES=True # For HTTPS production
|
||||
DATABASE_URL=your-db-url # For production database
|
||||
```
|
||||
|
||||
## 🛡️ Security Features Implemented
|
||||
|
||||
### File Upload Security
|
||||
- **File Type Validation**: Content-based MIME type detection (not just extensions)
|
||||
- **Size Limits**: Configurable per file category to prevent DoS
|
||||
- **Path Traversal Protection**: Secure path generation prevents directory escape
|
||||
- **Malware Detection**: Basic pattern scanning for malicious content
|
||||
- **Filename Sanitization**: Removes dangerous characters and path separators
|
||||
|
||||
### Authentication Security
|
||||
- **Strong Password Requirements**: Environment-enforced secure passwords
|
||||
- **Secure Secret Management**: Cryptographically secure JWT secret keys
|
||||
- **No Hardcoded Credentials**: All secrets via environment variables
|
||||
|
||||
### Network Security
|
||||
- **Restricted CORS**: Domain-specific origin restrictions
|
||||
- **Secure Headers**: Proper CORS header configuration
|
||||
- **Method Restrictions**: Limited to necessary HTTP methods
|
||||
|
||||
## 🔍 Security Validation
|
||||
|
||||
### Before Production Deployment
|
||||
|
||||
Run this checklist to verify security:
|
||||
|
||||
```bash
|
||||
# 1. Verify no hardcoded secrets
|
||||
grep -r "admin123\|change-me\|secret.*=" app/ --exclude-dir=__pycache__ || echo "✅ No hardcoded secrets found"
|
||||
|
||||
# 2. Verify CORS configuration
|
||||
grep -n "allow_origins" app/main.py
|
||||
|
||||
# 3. Verify .env file permissions
|
||||
ls -la .env | grep "^-rw-------" && echo "✅ .env permissions correct" || echo "❌ Fix .env permissions: chmod 600 .env"
|
||||
|
||||
# 4. Test file upload validation
|
||||
curl -X POST http://localhost:8000/api/documents/upload/test-file \
|
||||
-H "Authorization: Bearer your-token" \
|
||||
-F "file=@malicious.exe" \
|
||||
&& echo "❌ Upload validation failed" || echo "✅ Upload validation working"
|
||||
```
|
||||
|
||||
### Security Test Results Expected
|
||||
|
||||
- ✅ No hardcoded passwords in codebase
|
||||
- ✅ CORS origins restricted to specific domains
|
||||
- ✅ File uploads reject dangerous file types
|
||||
- ✅ Path traversal attempts blocked
|
||||
- ✅ Large file uploads rejected
|
||||
- ✅ .env file has restrictive permissions (600)
|
||||
|
||||
## 🚨 Production Security Checklist
|
||||
|
||||
### Required Before Going Live
|
||||
|
||||
- [ ] **SECRET_KEY** generated with 32+ cryptographically random characters
|
||||
- [ ] **ADMIN_PASSWORD** set to strong password (12+ chars, mixed case, symbols)
|
||||
- [ ] **CORS_ORIGINS** configured for specific production domains (not localhost)
|
||||
- [ ] **DEBUG=False** set for production
|
||||
- [ ] **SECURE_COOKIES=True** if using HTTPS (required for production)
|
||||
- [ ] **Database backups** configured and tested
|
||||
- [ ] **HTTPS enabled** with valid SSL certificates
|
||||
- [ ] **.env file** has 600 permissions and is not in version control
|
||||
- [ ] **Log monitoring** configured for security events
|
||||
- [ ] **Rate limiting** configured (next priority)
|
||||
- [ ] **Security audit** completed by security professional
|
||||
|
||||
### Ongoing Security Maintenance
|
||||
|
||||
- 🔄 **Rotate SECRET_KEY** every 90 days using `scripts/rotate-secret-key.py`
|
||||
- 🔄 **Change admin password** every 90 days
|
||||
- 📊 **Monitor logs** for security events
|
||||
- 🔍 **Regular security scans** of dependencies
|
||||
- 📋 **Keep software updated** (Python, FastAPI, dependencies)
|
||||
|
||||
## 📞 Next Steps
|
||||
|
||||
The P0 Critical Security Issues are now **RESOLVED**. The system is significantly more secure, but you should continue with P1 High Priority items:
|
||||
|
||||
1. **Rate Limiting** - Implement API rate limiting to prevent abuse
|
||||
2. **Security Headers** - Add HSTS, CSP, X-Frame-Options headers
|
||||
3. **Session Management** - Enhance JWT token management
|
||||
4. **Database Security** - Review SQL injection prevention
|
||||
5. **Security Monitoring** - Implement intrusion detection
|
||||
|
||||
For immediate deployment readiness, ensure all items in the **Production Security Checklist** above are completed.
|
||||
|
||||
---
|
||||
|
||||
**🔒 Remember**: Security is an ongoing process. This setup addresses the most critical vulnerabilities, but regular security reviews and updates are essential for a production system handling sensitive legal and financial data.
|
||||
Reference in New Issue
Block a user