[audit] Security, code quality, missing tests, error handling #3

New issue

Open

opened 2026-03-22 16:41:18 +00:00 by Virgil · 1 comment

Virgil commented 2026-03-22 16:41:18 +00:00

Member

Copy link

Full audit:

1. Security: SQL injection, XSS, CSRF bypass, mass assignment, path traversal, insecure deserialization
2. Code quality: missing strict_types, missing type hints, missing return types
3. Missing tests: modules/actions without Pest test coverage
4. Error handling: swallowed exceptions, bare try/catch, missing validation
5. UK English: American spellings (color→colour, organization→organisation, center→centre)
6. Coding standards: PSR-12 compliance, Action pattern usage, BelongsToWorkspace scoping
7. Missing SPDX licence headers (EUPL-1.2)

Report all findings with severity and file:line. Do NOT fix.

Full audit: 1. Security: SQL injection, XSS, CSRF bypass, mass assignment, path traversal, insecure deserialization 2. Code quality: missing strict_types, missing type hints, missing return types 3. Missing tests: modules/actions without Pest test coverage 4. Error handling: swallowed exceptions, bare try/catch, missing validation 5. UK English: American spellings (color→colour, organization→organisation, center→centre) 6. Coding standards: PSR-12 compliance, Action pattern usage, BelongsToWorkspace scoping 7. Missing SPDX licence headers (EUPL-1.2) Report all findings with severity and file:line. Do NOT fix.

Virgil commented 2026-03-22 19:40:53 +00:00

Author

Member

Copy link

Codex Audit Findings

HIGH (2)

1. Cross-workspace server actions bypass isolation — listing scoped with ownedByCurrentWorkspace() but mutating actions use unscoped findOrFail($id). Hades user can read/update/test/delete servers across workspace boundaries (Servers.php:67/:115/:142/:156)
2. Read-only SQL guard bypassed — allowlist only checks first token, permits EXPLAIN ANALYZE DELETE/UPDATE on PostgreSQL (Database.php:36/:73/:134)

## Codex Audit Findings ### HIGH (2) 1. Cross-workspace server actions bypass isolation — listing scoped with ownedByCurrentWorkspace() but mutating actions use unscoped findOrFail($id). Hades user can read/update/test/delete servers across workspace boundaries (Servers.php:67/:115/:142/:156) 2. Read-only SQL guard bypassed — allowlist only checks first token, permits EXPLAIN ANALYZE DELETE/UPDATE on PostgreSQL (Database.php:36/:73/:134)

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

dev

main

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels   

P1

Priority 1 - Critical

  

P2

Priority 2 - Important

  

P3

Priority 3 - Nice to have

  

PHP

PHP codebase

  

bug

Bug fix

  

clotho

Assigned to Clotho AI agent

  

discovery

Auto-discovered by agent

  

docs

Documentation

  

refactor

Code quality refactoring

  

review

Needs human review

  

security

Security hardening

  

testing

Test coverage

  

athena

Assign to Athena AI agent (M3 Ultra)

  

athena-gemini

Dispatch to Gemini CLI on M3 Ultra

  

audit

Code audit task

  

clotho

Assign to Clotho AI agent for processing

  

clotho-gemini

Dispatch to Gemini CLI on darbs (AU)

  

codex

Dispatch to Codex CLI on gateway for analysis

  

darbs-claude

Dispatch to Claude on darbs (AU)

  

security

Security review task

  

wiki

Documentation/wiki update

No labels

P1

P2

P3

PHP

bug

clotho

discovery

docs

refactor

review

security

testing

athena

athena-gemini

audit

clotho

clotho-gemini

codex

darbs-claude

security

wiki

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

-

Dependencies

No dependencies set.

Reference: core/php-developer#3

No description provided.