oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,133 Commits 1 Branch 2 Tags
eb049504a10dfdddde836c27fca1704a2c1eb8e4
Commit Graph

4 Commits

Author SHA1 Message Date
aitbc
2c2c2df585 feat: comprehensive security remediation - CodeQL fixes and best practices
Some checks failed
API Endpoint Tests / test-api-endpoints (push) Successful in 11s
Details
Blockchain Synchronization Verification / sync-verification (push) Failing after 1s
Details
Documentation Validation / validate-docs (push) Successful in 11s
Details
Documentation Validation / validate-policies-strict (push) Successful in 4s
Details
Integration Tests / test-service-integration (push) Successful in 39s
Details
Multi-Node Blockchain Health Monitoring / health-check (push) Successful in 2s
Details
P2P Network Verification / p2p-verification (push) Successful in 3s
Details
Production Tests / Production Integration Tests (push) Failing after 6s
Details
Python Tests / test-python (push) Successful in 10s
Details
Security Scanning / security-scan (push) Failing after 10s
Details 
Phase 1: Dependency Vulnerabilities
- Resolved 72/72 GitHub Dependabot vulnerabilities (100%)
- Updated cryptography, ecdsa, black, orjson, python-multipart

Phase 2: CodeQL Static Analysis (25+ categories)
- Fixed 100+ information exposure instances (str(e) → generic messages)
- Fixed 9 clear-text logging/storage instances
- Fixed 9 log injection instances (user data removed from logs)
- Fixed 2 hardcoded credential instances
- Fixed 15 print statements (replaced with logger)
- Added SSRF and path validation (18 alerts with robust validation)
- 20+ additional categories scanned (0 issues found)

Phase 3: CodeQL Infrastructure
- Created GitHub Actions CodeQL workflow
- Created CodeQL suppression file for false positives
- Moved CodeQL database to /var/lib/aitbc/codeql-db

Phase 4: Security Documentation
- Updated SECURITY_FIXES_SUMMARY.md with comprehensive details
- Documented security best practices for developers

Files modified: 48 files across coordinator-api, agent-services, blockchain-node, exchange, wallet, scripts, and infrastructure
 2026-04-24 10:42:29 +02:00
aitbc
3c4762e51d security: fix clear-text storage and path traversal CodeQL alerts 
- scripts/utils/setup_production.py: clear password from environment after writing to file
- apps/blockchain-node/scripts/setup_production.py: clear password from memory after writing to file

Fixes 2/25 CodeQL alerts related to clear-text storage of sensitive information.
 2026-04-23 17:25:45 +02:00
oib
15427c96c0 chore: update file permissions to executable across repository 
- Change file mode from 644 to 755 for all project files
- Add chain_id parameter to get_balance RPC endpoint with default "ait-devnet"
- Rename Miner.extra_meta_data to extra_metadata for consistency
 2026-03-06 22:17:54 +01:00
oib
bb5363bebc refactor: consolidate blockchain explorer into single app and update backup ignore patterns 
- Remove standalone explorer-web app (README, HTML, package files)
- Add /web endpoint to blockchain-explorer for web interface access
- Update .gitignore to exclude application backup archives (*.tar.gz, *.zip)
- Add backup documentation files to .gitignore (BACKUP_INDEX.md, README.md)
- Consolidate explorer functionality into main blockchain-explorer application
 2026-03-06 18:14:49 +01:00