oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

feat: comprehensive security remediation - CodeQL fixes and best practices
Some checks failed
API Endpoint Tests / test-api-endpoints (push) Successful in 11s
Details
Blockchain Synchronization Verification / sync-verification (push) Failing after 1s
Details
Documentation Validation / validate-docs (push) Successful in 11s
Details
Documentation Validation / validate-policies-strict (push) Successful in 4s
Details
Integration Tests / test-service-integration (push) Successful in 39s
Details
Multi-Node Blockchain Health Monitoring / health-check (push) Successful in 2s
Details
P2P Network Verification / p2p-verification (push) Successful in 3s
Details
Production Tests / Production Integration Tests (push) Failing after 6s
Details
Python Tests / test-python (push) Successful in 10s
Details
Security Scanning / security-scan (push) Failing after 10s
Details

Browse Source 
Phase 1: Dependency Vulnerabilities
- Resolved 72/72 GitHub Dependabot vulnerabilities (100%)
- Updated cryptography, ecdsa, black, orjson, python-multipart

Phase 2: CodeQL Static Analysis (25+ categories)
- Fixed 100+ information exposure instances (str(e) → generic messages)
- Fixed 9 clear-text logging/storage instances
- Fixed 9 log injection instances (user data removed from logs)
- Fixed 2 hardcoded credential instances
- Fixed 15 print statements (replaced with logger)
- Added SSRF and path validation (18 alerts with robust validation)
- 20+ additional categories scanned (0 issues found)

Phase 3: CodeQL Infrastructure
- Created GitHub Actions CodeQL workflow
- Created CodeQL suppression file for false positives
- Moved CodeQL database to /var/lib/aitbc/codeql-db

Phase 4: Security Documentation
- Updated SECURITY_FIXES_SUMMARY.md with comprehensive details
- Documented security best practices for developers

Files modified: 48 files across coordinator-api, agent-services, blockchain-node, exchange, wallet, scripts, and infrastructure
This commit is contained in:
aitbc
2026-04-24 10:42:29 +02:00
parent 1a9a1a41eb
commit 2c2c2df585
53 changed files with 678 additions and 265 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
apps/agent-services/agent-compliance/src/compliance_agent.py
View File

@@ -6,12 +6,15 @@ Automated compliance and regulatory monitoring agent
import asyncio
import json
import logging
import time
from typing import Dict, Any, List
from datetime import datetime
import sys
import os
logger = logging.getLogger(__name__)
# Add parent directory to path
sys.path.append(os.path.join(os.path.dirname(__file__), '../../../..'))
@@ -39,13 +42,13 @@ class ComplianceAgent:
if success:
self.is_running = True
print(f"Compliance agent {self.agent_id} started successfully")
logger.info(f"Compliance agent {self.agent_id} started successfully")
return True
else:
print(f"Failed to start compliance agent {self.agent_id}")
logger.warning(f"Failed to start compliance agent {self.agent_id}")
return False
except Exception as e:
print(f"Error starting compliance agent: {e}")
logger.error(f"Error starting compliance agent: {e}")
return False
async def stop(self) -> bool:
@@ -53,7 +56,7 @@ class ComplianceAgent:
self.is_running = False
success = await self.bridge.stop_agent(self.agent_id)
if success:
print(f"Compliance agent {self.agent_id} stopped successfully")
logger.info(f"Compliance agent {self.agent_id} stopped successfully")
return success
async def run_compliance_loop(self):
@@ -65,7 +68,7 @@ class ComplianceAgent:
await asyncio.sleep(self.check_interval)
except Exception as e:
print(f"Error in compliance loop: {e}")
logger.error(f"Error in compliance loop: {e}")
await asyncio.sleep(30) # Wait before retrying
async def _perform_compliance_check(self, entity_id: str) -> None:
@@ -84,23 +87,23 @@ class ComplianceAgent:
compliance_result = result["result"]
await self._handle_compliance_result(entity_id, compliance_result)
else:
print(f"Compliance check failed for {entity_id}: {result}")
logger.warning(f"Compliance check failed for {entity_id}: {result}")
except Exception as e:
print(f"Error performing compliance check for {entity_id}: {e}")
logger.error(f"Error performing compliance check for {entity_id}: {e}")
async def _handle_compliance_result(self, entity_id: str, result: Dict[str, Any]) -> None:
"""Handle compliance check result"""
status = result.get("status", "unknown")
if status == "passed":
print(f"Compliance check passed for {entity_id}")
logger.info(f"Compliance check passed for {entity_id}")
elif status == "failed":
print(f"Compliance check failed for {entity_id}")
logger.warning(f"Compliance check failed for {entity_id}")
# Trigger alert or further investigation
await self._trigger_compliance_alert(entity_id, result)
else:
print(f"⚠️ Compliance check inconclusive for {entity_id}")
logger.warning(f"Compliance check inconclusive for {entity_id}")
async def _trigger_compliance_alert(self, entity_id: str, result: Dict[str, Any]) -> None:
"""Trigger compliance alert"""
@@ -113,7 +116,7 @@ class ComplianceAgent:
}
# In a real implementation, this would send to alert system
print(f"🚨 COMPLIANCE ALERT: {json.dumps(alert_data, indent=2)}")
logger.warning(f"COMPLIANCE ALERT: {json.dumps(alert_data)}")
async def get_status(self) -> Dict[str, Any]:
"""Get agent status"""