core/php-uptelligence
8
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
7 commits 2 branches 0 tags 200 KiB
Commit graph

7 commits

This branch
This branch
All branches
Author SHA1 Message Date
Snider
6f71edd14e fix(security): address P2 security items and migration mismatch 
P2-058: Migration Mismatch
- Created new migration for vendor tracking tables (000004)
- Added explicit $table property to all models with uptelligence_ prefix
- Clarified dual-purpose nature (uptime monitoring + vendor tracking)
- Added appropriate indexes for common query patterns

P2-059: Webhook Signature Timing Attack Audit
- Verified all signature verification uses hash_equals()
- Added comprehensive tests in WebhookSignatureVerificationTest.php
- Tests cover all providers, grace periods, edge cases

P2-060: API Key Exposure in Logs
- Added redactSensitiveData() to AIAnalyzerService
- Added redactSensitiveData() to IssueGeneratorService
- Added redactSensitiveData() to VendorUpdateCheckerService
- Redacts API keys, tokens, bearer tokens, auth headers

P2-061: Missing Webhook Payload Validation
- Added MAX_PAYLOAD_SIZE (1MB) and MAX_JSON_DEPTH (32) limits
- Added validatePayloadSize() for DoS protection
- Added parseAndValidateJson() with depth limit
- Added validatePayloadStructure() for provider-specific validation
- Added hasExcessiveArraySize() to prevent memory exhaustion
- Added tests in WebhookPayloadValidationTest.php

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 13:29:26 +00:00
Snider
ef8a40829f security: fix shell injection in AssetTrackerService 
- Add package name validation with strict regex patterns
- Convert all Process::run() calls to array syntax
- Support Composer and NPM package name formats
- Add comprehensive shell injection tests (20 attack patterns)
- Update security docs and changelog

Fixes P2 shell injection vulnerability from security audit.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-29 12:21:07 +00:00
Snider
256e0c38b7 docs: rewrite CLAUDE.md for core-uptelligence package 
Replace generic Core PHP Framework boilerplate with package-specific
documentation covering the vendor tracking module's architecture,
services, and commands.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-28 14:14:53 +00:00
Snider
6c17c39c97 refactor: update Tenant namespace imports to Core\Tenant 
Align with core-tenant namespace structure.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-27 17:42:11 +00:00
Snider
e0d2325a20 refactor: move namespace from Core\Uptelligence to Core\Mod\Uptelligence 
Aligns module namespace with Core PHP Framework conventions where
modules live under the Core\Mod\ namespace hierarchy. This follows
the monorepo separation work started in 40d893a.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-27 16:32:55 +00:00
Snider
40d893af44 monorepo sepration 2026-01-26 23:56:46 +00:00
Snider
737e705755
Initial commit 2026-01-26 23:25:24 +00:00