m17hr1l/psyc - psyc - Gitea: Git with a cup of tea

m17hr1l/psyc

Fork 0

Commit Graph

Author	SHA1	Message	Date
m17hr1l	4f12e344a8	xss fixes from audit: - F1 case_detail.html: scheme-check source_ref href (block javascript: URLs) - F2 admin.html / F3 admin_federation.html: replace inline onsubmit confirm() with data-attr + global handler in base.html (no more label/domain interpolation into onsubmit attribute string) - federation.register_peer: validate hostname + fingerprint regex at ingest - federation_explore.html: window.PSYC_EXPLORE via \| tojson - federation_network.js: DOMAIN_RE guard on peer-supplied domain before building cross-origin fetch URL (also closes open-redirect via 'open their explorer' button) - app.py: nosniff + Referrer-Policy: no-referrer + X-Frame-Options: DENY - sw.js: psyc-v11 cache bump CSP deferred — needs inline scripts moved to external files first. Tests: +2 cases, 245/245 green.	2026-06-07 14:23:55 +02:00
m17hr1l	eadd1aea3b	stage-vouch-c federation: import gate + translog hook (stage-trans-b) import_signed_feed now refuses any feed whose declared fingerprint isn't peer_is_listening_eligible (directly trusted OR vouched in), returning Err("peer not trusted: …") before any signal lands. For every case/IOC it does record, it also appends a "signal" entry to the transparency log (best-effort — logger warns but doesn't abort ingest if the append fails). This is the stage-trans-b hook: the import path is the chokepoint, so attaching the chain there gives us coverage of every peer-originated signal we've ever accepted. build_signed_feed now includes our_vouches() in the feed body so vouches propagate. On import we accept_vouch each one — but only if the embedded voucher_fingerprint matches the peer we just authenticated, so a peer can't forge vouches "from" someone else through us. test_federation: the long-standing round-trip test now first registers the synthetic peer as trusted so the gate lets it through. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-06-06 21:10:36 +02:00
m17hr1l	d4229dd264	stage-fed-g federation: tests	2026-06-06 16:10:31 +02:00

Author

SHA1

Message

Date

m17hr1l

4f12e344a8

xss fixes from audit:

- F1 case_detail.html: scheme-check source_ref href (block javascript: URLs)
- F2 admin.html / F3 admin_federation.html: replace inline onsubmit confirm()
  with data-attr + global handler in base.html (no more label/domain
  interpolation into onsubmit attribute string)
- federation.register_peer: validate hostname + fingerprint regex at ingest
- federation_explore.html: window.PSYC_EXPLORE via | tojson
- federation_network.js: DOMAIN_RE guard on peer-supplied domain before
  building cross-origin fetch URL (also closes open-redirect via 'open
  their explorer' button)
- app.py: nosniff + Referrer-Policy: no-referrer + X-Frame-Options: DENY
- sw.js: psyc-v11 cache bump

CSP deferred — needs inline scripts moved to external files first.
Tests: +2 cases, 245/245 green.

2026-06-07 14:23:55 +02:00

m17hr1l

eadd1aea3b

stage-vouch-c federation: import gate + translog hook (stage-trans-b)

import_signed_feed now refuses any feed whose declared fingerprint isn't
peer_is_listening_eligible (directly trusted OR vouched in), returning
Err("peer not trusted: …") before any signal lands.

For every case/IOC it does record, it also appends a "signal" entry to
the transparency log (best-effort — logger warns but doesn't abort
ingest if the append fails). This is the stage-trans-b hook: the
import path is the chokepoint, so attaching the chain there gives
us coverage of every peer-originated signal we've ever accepted.

build_signed_feed now includes our_vouches() in the feed body so vouches
propagate. On import we accept_vouch each one — but only if the embedded
voucher_fingerprint matches the peer we just authenticated, so a peer
can't forge vouches "from" someone else through us.

test_federation: the long-standing round-trip test now first registers
the synthetic peer as trusted so the gate lets it through.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

2026-06-06 21:10:36 +02:00

m17hr1l

d4229dd264

stage-fed-g federation: tests

2026-06-06 16:10:31 +02:00

3 Commits