Mining

Snider/Mining

Fork 0

Commit graph

Author	SHA1	Message	Date
snider	8fb240967a	fix: Address 9 security findings from code review (batch 6) Security fixes: - CRIT-012: Add compile-time bounds checking in Job::setBlob() - CRIT-017: Add header count limit (64 max) to prevent DoS - HIGH-005: Disable TLSv1.0 and TLSv1.1 (BEAST/POODLE vulnerable) - HIGH-008: Document signal handler safety (libuv defers to event loop) - HIGH-011: Fix memory leak in BindHost using String copy constructor - HIGH-023: Document JSON type safety check in Client::parse() Quality improvements: - MED-002: Add security headers (X-Content-Type-Options, X-Frame-Options, CSP) - MED-007: Add URL length validation (8KB limit) - MED-009: Reduce self-signed cert validity from 10 years to 1 year 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2025-12-31 19:14:24 +00:00
snider	354fd5da28	fix: Address 10 critical and high security findings in proxy Security fixes implemented: - CRIT-001/002: Replace static shared buffer with per-instance buffer in Miner - CRIT-003: Redact password from API response in ApiRouter - CRIT-004: Fix TlsContext::setCiphers returning true on failure + TLS hardening - CRIT-005: Add null check in Controller destructor to prevent double-free - CRIT-006: Add JSON type validation before member access in BindHost - CRIT-007: Restrict CORS to localhost + add security headers in HttpApiResponse - CRIT-014: Add HTTP body/header/URL size limits to prevent DoS - HIGH-001: Make miner ID generation thread-safe with std::atomic - HIGH-003: Make all global counters atomic in Counters class - HIGH-009: Implement rolling window for latency vector (max 10K entries) These fixes address race conditions, memory exhaustion DoS vectors, information disclosure, and thread safety issues identified during parallel code review. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2025-12-31 18:22:28 +00:00
snider	69376b886f	feat: Rebrand xmrig to miner and vendor XMRig ecosystem Complete rebranding of all components: - Core miner: xmrig -> miner (binary, version.h, CMakeLists.txt) - Proxy: xmrig-proxy -> miner-proxy - CUDA plugin: xmrig-cuda -> miner-cuda - Heatmap: xmrig-nonces-heatmap -> miner-nonces-heatmap - Go CLI wrapper: miner-cli -> miner-ctrl Vendored XMRig ecosystem into miner/ directory: - miner/core - XMRig CPU/GPU miner - miner/proxy - Stratum proxy - miner/cuda - NVIDIA CUDA plugin - miner/heatmap - Nonce visualization tool - miner/config - Configuration UI - miner/deps - Pre-built dependencies Updated dev fee to use project wallet with opt-out (kMinimumDonateLevel=0) Updated branding to Lethean (domain, copyright, version 0.1.0) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2025-12-30 19:43:02 +00:00

Author

SHA1

Message

Date

snider

8fb240967a

fix: Address 9 security findings from code review (batch 6)

Security fixes:
- CRIT-012: Add compile-time bounds checking in Job::setBlob()
- CRIT-017: Add header count limit (64 max) to prevent DoS
- HIGH-005: Disable TLSv1.0 and TLSv1.1 (BEAST/POODLE vulnerable)
- HIGH-008: Document signal handler safety (libuv defers to event loop)
- HIGH-011: Fix memory leak in BindHost using String copy constructor
- HIGH-023: Document JSON type safety check in Client::parse()

Quality improvements:
- MED-002: Add security headers (X-Content-Type-Options, X-Frame-Options, CSP)
- MED-007: Add URL length validation (8KB limit)
- MED-009: Reduce self-signed cert validity from 10 years to 1 year

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2025-12-31 19:14:24 +00:00

snider

354fd5da28

fix: Address 10 critical and high security findings in proxy

Security fixes implemented:
- CRIT-001/002: Replace static shared buffer with per-instance buffer in Miner
- CRIT-003: Redact password from API response in ApiRouter
- CRIT-004: Fix TlsContext::setCiphers returning true on failure + TLS hardening
- CRIT-005: Add null check in Controller destructor to prevent double-free
- CRIT-006: Add JSON type validation before member access in BindHost
- CRIT-007: Restrict CORS to localhost + add security headers in HttpApiResponse
- CRIT-014: Add HTTP body/header/URL size limits to prevent DoS
- HIGH-001: Make miner ID generation thread-safe with std::atomic
- HIGH-003: Make all global counters atomic in Counters class
- HIGH-009: Implement rolling window for latency vector (max 10K entries)

These fixes address race conditions, memory exhaustion DoS vectors,
information disclosure, and thread safety issues identified during
parallel code review.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2025-12-31 18:22:28 +00:00

snider

69376b886f

feat: Rebrand xmrig to miner and vendor XMRig ecosystem

Complete rebranding of all components:
- Core miner: xmrig -> miner (binary, version.h, CMakeLists.txt)
- Proxy: xmrig-proxy -> miner-proxy
- CUDA plugin: xmrig-cuda -> miner-cuda
- Heatmap: xmrig-nonces-heatmap -> miner-nonces-heatmap
- Go CLI wrapper: miner-cli -> miner-ctrl

Vendored XMRig ecosystem into miner/ directory:
- miner/core - XMRig CPU/GPU miner
- miner/proxy - Stratum proxy
- miner/cuda - NVIDIA CUDA plugin
- miner/heatmap - Nonce visualization tool
- miner/config - Configuration UI
- miner/deps - Pre-built dependencies

Updated dev fee to use project wallet with opt-out (kMinimumDonateLevel=0)
Updated branding to Lethean (domain, copyright, version 0.1.0)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2025-12-30 19:43:02 +00:00

3 commits