Diffstat (limited to 'SECURITY_CHECKLIST.md')
-rw-r--r--  SECURITY_CHECKLIST.md  227
1 files changed, 0 insertions, 227 deletions
diff --git a/SECURITY_CHECKLIST.md b/SECURITY_CHECKLIST.md
deleted file mode 100644
index 46b8cea..0000000
--- a/SECURITY_CHECKLIST.md
+++ /dev/null
@@ -1,227 +0,0 @@
-# Security & Quality Checklist
-
-## Critical Security Issues (Must Fix Before Production)
-
-### Database Security
-- [x] **SQL Injection in GetNotes()** (15 min)
- - File: `internal/store/sqlite.go:208`
- - Change: Use parameterized query for LIMIT clause
- - Impact: Prevents SQL injection attacks
-
-- [ ] **SQLite Concurrency Configuration** (30 min)
- - File: `internal/store/sqlite.go:22-30`
- - Change: Set `MaxOpenConns(1)`, enable WAL mode
- - Impact: Prevents "database is locked" errors under concurrent load
-
-- [ ] **Database File Permissions** (15 min)
- - File: `internal/store/sqlite.go:22-24`
- - Change: Set file to 0600, create dir with 0700
- - Impact: Prevents unauthorized access to cached data
-
-### Input/Output Security
-- [ ] **Path Traversal in Obsidian** (1 hour)
- - File: `internal/api/obsidian.go:49-70`
- - Change: Validate paths stay within vault, skip symlinks
- - Impact: Prevents arbitrary file read attacks
-
-### Network Security
-- [ ] **HTTPS Support** (1 hour)
- - File: `cmd/dashboard/main.go:86-94`
- - Change: Add TLS configuration and ListenAndServeTLS
- - Impact: Prevents credential theft via network sniffing
-
----
-
-## High Priority Issues (Should Fix Soon)
-
-### Concurrency & Performance
-- [ ] **Context Cancellation in Goroutines** (30 min)
- - File: `internal/handlers/handlers.go:151-207`
- - Change: Check `ctx.Done()` before locking mutex in each goroutine
- - Impact: Prevents goroutine leaks and resource exhaustion
-
-- [ ] **Parallelize Trello Card Fetching** (1 hour)
- - File: `internal/api/trello.go:196-204`
- - Change: Use goroutines with bounded concurrency for card fetching
- - Impact: Reduces API call time from N+1 sequential to parallel
-
-- [ ] **Reduce Mutex Contention in aggregateData** (45 min)
- - File: `internal/handlers/handlers.go:154-205`
- - Change: Store results locally, lock only for final assignment
- - Impact: Better parallelism, faster page loads
-
-- [ ] **HTTP Client Connection Pooling** (30 min)
- - File: `internal/api/*.go` (all clients)
- - Change: Configure Transport with MaxIdleConns, MaxIdleConnsPerHost
- - Impact: Prevents port exhaustion and API rate limiting
-
-### Security Hardening
-- [ ] **Rate Limiting on Endpoints** (1 hour)
- - File: `cmd/dashboard/main.go:67, 73`
- - Change: Add rate limiting middleware
- - Impact: Prevents DoS attacks and API quota exhaustion
-
-- [ ] **CSRF Protection** (2 hours)
- - File: `cmd/dashboard/main.go:67`
- - Change: Add CSRF middleware for POST endpoints
- - Impact: Prevents cross-site request forgery (needed for Phase 2)
-
-- [ ] **Sanitize API Keys in Logs** (30 min)
- - File: `internal/api/*.go` (all clients)
- - Change: Redact keys/tokens in error messages
- - Impact: Prevents credential leaks via log files
-
-### Error Handling
-- [ ] **Check JSON Unmarshal Errors** (30 min)
- - File: `internal/store/sqlite.go:155, 234`
- - Change: Log errors, provide defaults
- - Impact: Prevents silent data loss
-
-- [ ] **Sanitize Error Messages** (1 hour)
- - File: `internal/handlers/handlers.go` (multiple locations)
- - Change: Return generic errors to users, log details internally
- - Impact: Prevents information disclosure
-
----
-
-## Medium Priority Issues (Nice to Have)
-
-### Code Quality
-- [ ] **Database Connection Health Check** (15 min)
- - File: `internal/store/sqlite.go:22-30`
- - Change: Add `db.Ping()` after opening connection
- - Impact: Fail fast on database issues
-
-- [ ] **Null Object Pattern for Optional Clients** (1 hour)
- - File: `internal/handlers/handlers.go`, `cmd/dashboard/main.go`
- - Change: Implement null objects instead of nil checks
- - Impact: Eliminates nil pointer risks
-
-- [ ] **Context Timeouts for Database Operations** (2 hours)
- - File: `internal/store/sqlite.go` (all methods)
- - Change: Use `QueryContext`, `ExecContext`, add context parameters
- - Impact: Prevents indefinite blocking
-
-- [ ] **Validate API Response Data** (2 hours)
- - File: `internal/api/*.go` (all clients)
- - Change: Add validation functions for API responses
- - Impact: Protection against malicious API servers
-
-### Testing
-- [ ] **Add Edge Case Tests** (2 hours)
- - Files: Various test files
- - Tests: Empty responses, malformed JSON, network errors
- - Impact: More robust error handling
-
-### Security Headers
-- [ ] **Add Security Headers Middleware** (30 min)
- - File: `cmd/dashboard/main.go`
- - Change: Add X-Frame-Options, CSP, X-Content-Type-Options, etc.
- - Impact: Defense in depth
-
-- [ ] **Content Security Policy** (1 hour)
- - File: `cmd/dashboard/main.go`
- - Change: Add CSP header with appropriate directives
- - Impact: XSS protection
-
-### Configuration
-- [ ] **Validate Config at Startup** (30 min)
- - File: `internal/config/config.go:61-76`
- - Change: Add token strength validation, file path checks
- - Impact: Fail fast on misconfiguration
-
-- [ ] **Make HTTP Timeouts Configurable** (30 min)
- - File: `internal/api/*.go` (all clients)
- - Change: Add `APITimeoutSeconds` to config
- - Impact: Flexibility for different environments
-
----
-
-## Low Priority / Future Enhancements
-
-### Monitoring & Observability
-- [ ] **Structured Logging** (4 hours)
- - Change: Replace log.Printf with structured logger (zap/zerolog)
- - Impact: Better log analysis and debugging
-
-- [ ] **Health Check Endpoint** (30 min)
- - File: `cmd/dashboard/main.go`
- - Change: Add `/health` endpoint checking DB, API connectivity
- - Impact: Better monitoring
-
-- [ ] **Metrics Collection** (4 hours)
- - Change: Add Prometheus metrics for API calls, cache hits, errors
- - Impact: Performance monitoring
-
-### Code Organization
-- [ ] **Extract Constants** (1 hour)
- - Files: Various
- - Change: Move magic numbers to constants
- - Impact: Better maintainability
-
-- [ ] **Standardize Error Messages** (1 hour)
- - Files: Various
- - Change: Consistent capitalization and formatting
- - Impact: Better UX
-
-### Database
-- [ ] **Database Encryption at Rest** (2 hours)
- - File: `internal/store/sqlite.go`
- - Change: Use SQLCipher
- - Impact: Data protection
-
-- [ ] **Migration Versioning Table** (1 hour)
- - File: `internal/store/sqlite.go:41-68`
- - Change: Track which migrations have run
- - Impact: Better migration management
-
----
-
-## Estimated Time Summary
-
-| Priority | Count | Estimated Time |
-|----------|-------|----------------|
-| Critical | 4 items | ~2.5 hours |
-| High | 7 items | ~6.5 hours |
-| Medium | 8 items | ~9.5 hours |
-| Low | 8 items | ~14 hours |
-| **Total** | **27 items** | **~32.5 hours** |
-
-### Recommended Sprint 1 (Critical + High Priority)
-- **Duration**: 1-2 weeks part-time
-- **Items**: 11 items
-- **Time**: ~9 hours
-- **Focus**: Security hardening and performance
-
-### Recommended Sprint 2 (Medium Priority)
-- **Duration**: 1-2 weeks part-time
-- **Items**: 8 items
-- **Time**: ~9.5 hours
-- **Focus**: Code quality and testing
-
----
-
-## Quick Wins (< 30 minutes each)
-
-These can be done in small chunks:
-
-1. ✓ SQL injection fix (15 min)
-2. ✓ Database permissions (15 min)
-3. ✓ Health check endpoint (15 min)
-4. ✓ Security headers middleware (30 min)
-5. ✓ Database ping check (15 min)
-6. ✓ Check JSON unmarshal errors (30 min)
-7. ✓ Extract constants (30 min)
-8. ✓ Config validation (30 min)
-
-**Total Quick Wins**: ~3.5 hours, addresses 8 issues
-
----
-
-## Notes
-
-- Priority order considers both security impact and implementation effort
-- Times are estimates for an experienced Go developer
-- Some items may reveal additional issues during implementation
-- Testing time not included (add ~30% for comprehensive testing)
-- Code review time not included (add ~20% for peer review)
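Review bot: This hunk deletes the whole checklist while all but one of its security items are still open, and nothing in the diff points to where that tracking now lives. Only `- [x] **SQL Injection in GetNotes()** (15 min)` is marked done; the remaining Critical entries (`- [ ] **SQLite Concurrency Configuration** (30 min)`, `- [ ] **Database File Permissions** (15 min)`, the path-traversal check in `internal/api/obsidian.go:49-70`, and HTTPS for `cmd/dashboard/main.go:86-94`) are unchecked, as are every High and Medium item. Before removing the file, either add a line in its replacement (README, docs, or issue tracker) that references the open items by name, or keep this file until the "Must Fix Before Production" section is fully checked; a deletion with no forwarding pointer makes those findings disappear from the repository history that a later reviewer would search. Separately, the deleted content contradicts itself in places a reader of the old version may rely on: the "Quick Wins" list marks `2. ✓ Database permissions (15 min)` as done while the checklist above leaves it `[ ]`, and the summary table's "Critical | 4 items | ~2.5 hours" does not match the five Critical entries listed; if any of this is copied into a new location, fix those counts there.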