security: validate IP addresses before storage #38

New issue

Open

opened 2026-02-20 03:02:43 +00:00 by Clotho · 0 comments

Clotho commented 2026-02-20 03:02:43 +00:00

Member

Copy link

Issue

Models/AgentApiKey.php::recordLastUsedIp() (line 389) doesn't validate IP format.

Current Code

public function recordLastUsedIp(string $ip): self
{
    $this->update(['last_used_ip' => $ip]);
    return $this;
}

Expected Behavior

Validate IP address format before storing.

Acceptance Criteria

• Add IP validation (IPv4/IPv6)
• Throw exception on invalid IP
• Add tests for validation
• Document expected format

References

• Discovered in security scan
• Services/IpRestrictionService.php has validation logic

## Issue `Models/AgentApiKey.php::recordLastUsedIp()` (line 389) doesn't validate IP format. ## Current Code ```php public function recordLastUsedIp(string $ip): self { $this->update(['last_used_ip' => $ip]); return $this; } ``` ## Expected Behavior Validate IP address format before storing. ## Acceptance Criteria - [ ] Add IP validation (IPv4/IPv6) - [ ] Throw exception on invalid IP - [ ] Add tests for validation - [ ] Document expected format ## References - Discovered in security scan - `Services/IpRestrictionService.php` has validation logic

Clotho added the

review

discovery

labels 2026-02-20 03:02:43 +00:00

Clotho referenced this issue 2026-02-20 03:04:25 +00:00

discovery: scan php-agentic and create improvement issues #2

Clotho referenced this issue 2026-02-20 03:04:39 +00:00

discovery: scan php-agentic and create improvement issues #2

Charon added the

clotho

label 2026-02-20 10:57:36 +00:00

Charon added

PHP

security

P1

and removed

clotho

review

discovery

labels 2026-02-20 12:16:57 +00:00

Clotho was assigned by Charon 2026-02-20 12:20:50 +00:00

Snider added the

clotho

label 2026-02-21 00:38:35 +00:00

Charon added the

agent-ready

label 2026-02-21 01:31:24 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

feat/phase-0-assessment

dev

No results found.

Labels

Clear labels   

P1

Priority 1 - Critical

  

P2

Priority 2 - Important

  

P3

Priority 3 - Nice to have

  

PHP

PHP codebase

  

agent-ready

  

bug

Bug fix

  

clotho

Assigned to Clotho AI agent

  

discovery

Auto-discovered by agent

  

docs

Documentation

  

refactor

Code quality refactoring

  

review

Needs human review

  

security

Security hardening

  

testing

Test coverage

  

athena

Assign to Athena AI agent (M3 Ultra)

  

athena-gemini

Dispatch to Gemini CLI on M3 Ultra

  

audit

Code audit task

  

clotho

Assign to Clotho AI agent for processing

  

clotho-gemini

Dispatch to Gemini CLI on darbs (AU)

  

codex

Dispatch to Codex CLI on gateway for analysis

  

darbs-claude

Dispatch to Claude on darbs (AU)

  

security

Security review task

  

wiki

Documentation/wiki update

No labels

P1

P2

P3

PHP

agent-ready

bug

clotho

discovery

docs

refactor

review

security

testing

athena

athena-gemini

audit

clotho

clotho-gemini

codex

darbs-claude

security

wiki

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

Clotho

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: core/php-agentic#38

No description provided.