security: harden input validation, resource limits, and file permissions#63
Open
alexander-morris wants to merge 1 commit intosteipete:mainfrom
Open
security: harden input validation, resource limits, and file permissions#63alexander-morris wants to merge 1 commit intosteipete:mainfrom
alexander-morris wants to merge 1 commit intosteipete:mainfrom
Conversation
Address findings from a comprehensive security audit: - Add file size limit (100MB) before reading uploads into memory - Add media download size limit to prevent disk exhaustion - Enforce 0600 permissions on SQLite database files - Validate phone numbers against E.164 format (1-15 digits) - Escape LIKE metacharacters (%, _) in all search queries - Sanitize FTS5 queries to prevent operator injection - Validate table names in PRAGMA queries - Strip null bytes and control characters in path sanitization - Add panic recovery in event handler and media worker goroutines - Fix goroutine leak: drop media jobs when queue full instead of spawning - Add forced exit on second SIGINT during sync - Use sync.Once to prevent race condition in OpenWA initialization - Reject paths containing URI-special characters for SQLite connections Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Comprehensive security audit with fixes for 12 findings across input validation, resource consumption, file permissions, and concurrency safety.
Changes
Resource Limits (HIGH):
send_file.go)wa/media.go)File Permissions (MEDIUM):
0600permissions on SQLite database files after creation (store/db.go)?and#(store/db.go,wa/client.go)Input Validation (MEDIUM):
^\d{1,15}$) inParseUserOrJID(wa/client.go)SQL Safety (LOW):
%,_) in all search queries withESCAPE '\'(store/search.go,store/chats_contacts_groups.go)store/search.go)^[a-zA-Z_][a-zA-Z0-9_]*$in PRAGMA queries (store/migrations.go)Path Safety (LOW):
SanitizeSegmentandSanitizeFilename(pathutil/sanitize.go)Concurrency & Stability (MEDIUM/LOW):
defer recover()in event handler and media worker goroutines (app/sync.go,app/media.go)app/sync.go)sync.Onceto prevent race condition inOpenWAinitialization (app/app.go)cmd/wacli/sync.go)Related Issues
Closes #50, closes #51, closes #52, closes #55, closes #56, closes #57, closes #58, closes #59, closes #60, closes #61, closes #62
Issues #53 (rate limiting) and #54 (unbounded history sync) are documented but require more extensive changes beyond this PR.
Test plan
wacli send filerejects files > 100MBfileLength> 100MB0600permissions%or_returns literal matchesgo test ./...sync --followforces immediate exit🤖 Generated with Claude Code