Fix 10 critical/high issues from Phase 6-7 audit

Fork: 0

root / smart-home-server

Browse code Fix 10 critical/high issues from Phase 6-7 audit - Entity::select_from_db() throws on missing record (fatal error fix) - Scripts::select_scripts_by_aliases_types() early return on empty array (SQL syntax fix) - ThinBuilder WHERE operator whitelist (SQL injection prevention) - validate_identifier() rejects numeric start (SQL correctness) - Remove escape_string_in_arr() dead code (security hygiene) - MetaManager::create_or_update() wrapped in transaction (race condition) - Scripts::remove_scope() deletes DB before file (consistency) - IN clause guards against non-array values (PHP 8 TypeError fix) - Short where syntax supports IN operator (correctness) - DeviceAuth::kill() clears Device auth cache (stale data fix) dev
1 parent a3cae76 commit 8ac5109dff4391851231c8830bba41a455d5bfa5 Eugene Sukhodolskiy authored 1 hour ago

Browse code

- Entity::select_from_db() throws on missing record (fatal error fix)
- Scripts::select_scripts_by_aliases_types() early return on empty array (SQL syntax fix)
- ThinBuilder WHERE operator whitelist (SQL injection prevention)
- validate_identifier() rejects numeric start (SQL correctness)
- Remove escape_string_in_arr() dead code (security hygiene)
- MetaManager::create_or_update() wrapped in transaction (race condition)
- Scripts::remove_scope() deletes DB before file (consistency)
- IN clause guards against non-array values (PHP 8 TypeError fix)
- Short where syntax supports IN operator (correctness)
- DeviceAuth::kill() clears Device auth cache (stale data fix)

dev

1 parent a3cae76 commit 8ac5109dff4391851231c8830bba41a455d5bfa5

Eugene Sukhodolskiy authored 1 hour ago

Patch

Unified Split

Showing 12 changed files

Ignore Space Show notes View docs/server-audit.md

Ignore Space Show notes View server/Fury/Modules/ThinBuilder/ThinBuilderProcessing.php

Ignore Space Show notes View server/SHServ/Entities/Device.php

Ignore Space Show notes View server/SHServ/Entities/DeviceAuth.php

Ignore Space Show notes View server/SHServ/Middleware/Entity.php

Ignore Space Show notes View server/SHServ/Models/MetaManager.php

Ignore Space Show notes View server/SHServ/Models/Scripts.php

Ignore Space Show notes View server/tests/DeviceAuthCacheTest.php 0 → 100644

Ignore Space Show notes View server/tests/EntityCrudTest.php

Ignore Space Show notes View server/tests/MetaManagerTest.php 0 → 100644

Ignore Space Show notes View server/tests/ScriptsModelStateTest.php

Ignore Space Show notes View server/tests/ThinBuilderTest.php

Show line notes below