security: fix debug health endpoint information disclosure #1840
Open
Ridanshi wants to merge 1 commit into
Conversation
…-byte-coder#1816)

The endpoint previously required only ENABLE_DEBUG_ENDPOINT=true to serve diagnostic data, making it accessible to any remote caller who discovered the URL. With that single gate in place the response included:

- Secret-presence indicators (set/missing) for NEXTAUTH_SECRET, SUPABASE_SERVICE_ROLE_KEY, GITHUB_SECRET, and GITHUB_ID.
- The authenticated user's githubId and githubLogin from their session.

These fields are enough to fingerprint deployment configuration and identify account holders, assisting reconnaissance even though the raw secret values were never returned.

Fix — three access-control gates enforced in sequence:

1. ENABLE_DEBUG_ENDPOINT must be exactly true (unchanged).
2. DEBUG_SECRET must be set in the environment (fail-closed: missing secret → 403 even if the flag is true).
3. Authorization: Bearer <DEBUG_SECRET> must match (401 otherwise).

Response shape is now limited to non-sensitive operational data:

- status, timestamp
- database.healthy (bool) + database.error (string | null)
- session.authenticated (bool only — no account identifiers)

The environment object and all secret-presence indicators are removed entirely. githubId and githubLogin are never included.

Adds 16 regression tests covering every gate, both information-disclosure vectors, and the safe response shape.
@Ridanshi is attempting to deploy a commit to the PRIYANSHU DOSHI's projects Team on Vercel. A member of the Team first needs to authorize it.
GSSoC Label Checklist 🏷️@Priyanshu-byte-coder — please apply the appropriate labels before merging: Difficulty (pick one):
Quality (optional):
Validation (required to score):
Closes #1816
Summary
Root cause
ENABLE_DEBUG_ENDPOINT=true was treated as sufficient access control for a remotely reachable HTTP endpoint. The response then included enough metadata (secret presence, GitHub identity) to assist reconnaissance without revealing raw secret values.
Changes
Test plan