
Bug fix: missing whitelist on checks#76

Merged
rennf93 merged 9 commits into master from bug/missing-whitelist-on-checks
Mar 10, 2026

Conversation

@rennf93
Owner

@rennf93 rennf93 commented Mar 10, 2026

Description

Whitelisted IPs (those in SecurityConfig.whitelist) were still being subjected to rate limiting, suspicious activity detection, user agent filtering, and cloud provider blocking. This PR ensures that once an IP is confirmed as whitelisted during the IP security check, all downstream checks respect that status and skip enforcement.

Additionally includes small fixes: added PATCH to default CORS methods, Python 3.14 support in Makefile, updated LICENSE copyright, and simplified Makefile help target.


Motivation and Context

When an IP is explicitly whitelisted via SecurityConfig.whitelist, the intent is to trust that IP. However, several security checks (rate limiting, suspicious activity, user agent, cloud provider) had no awareness of whitelist status and would still block or rate-limit whitelisted IPs. This created a confusing experience where whitelisted IPs were not truly whitelisted.


Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation change
  • Performance improvement
  • Code cleanup or refactoring

How Has This Been Tested?

  • Existing test suite passes (make local-test)
  • The IpSecurityCheck now sets request.state.is_whitelisted based on both is_ip_allowed() result and presence of a configured whitelist
  • CloudProviderCheck, RateLimitCheck, SuspiciousActivityCheck, and UserAgentCheck all check request.state.is_whitelisted and return early before enforcement

Screenshots (if appropriate):


Checklist:

  • My code follows the code style of this project (Mypy, Ruff)
  • I have added tests to cover my changes
  • All new and existing tests passed
  • My change requires a change to the documentation
  • I have updated the documentation accordingly
  • I have checked that my changes don't introduce any new warnings or errors
  • I have updated the version number if necessary
  • I have added any new dependencies to the appropriate requirements file
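The mechanism the PR describes (the IP check records a whitelist verdict on request.state, and every later check consults that flag before enforcing) is sketched below as an added, stand-alone example. It is not fastapi-guard's code: SecurityConfig, RequestState, Request, is_ip_allowed, IpSecurityCheck, RateLimitCheck, UserAgentCheck and run_pipeline are assumed names with simplified behaviour, and the 403/429 strings are placeholders for real responses. The point it exercises is the "both" condition from the PR: the flag is set only when is_ip_allowed() returned True AND a whitelist is actually configured, because with no whitelist configured is_ip_allowed() allows everyone, and treating that as "whitelisted" would disable rate limiting and user agent filtering for every client.

```python
"""Illustrative sketch of whitelist propagation across security checks.

Example code, not the project's implementation; all class and function names
below are assumptions for the sketch.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SecurityConfig:
    # None or [] means "no whitelist configured": every IP may proceed to
    # the other checks, but no IP is *trusted*.
    whitelist: Optional[list[str]] = None
    blacklist: list[str] = field(default_factory=list)
    rate_limit: int = 2
    blocked_user_agents: list[str] = field(default_factory=lambda: ["curl"])


@dataclass
class RequestState:
    # Stand-in for request.state; checks communicate through this object.
    is_whitelisted: bool = False


@dataclass
class Request:
    client_ip: str
    user_agent: str
    state: RequestState = field(default_factory=RequestState)


def _in_list(ip: str, entries: list[str]) -> bool:
    """True if ip matches any plain address or CIDR in entries."""
    addr = ipaddress.ip_address(ip)
    for entry in entries:
        if "/" in entry:
            if addr in ipaddress.ip_network(entry, strict=False):
                return True
        elif addr == ipaddress.ip_address(entry):
            return True
    return False


def is_ip_allowed(ip: str, config: SecurityConfig) -> bool:
    """Blacklist wins; if a whitelist exists only its members pass; else allow all."""
    if _in_list(ip, config.blacklist):
        return False
    if config.whitelist:
        return _in_list(ip, config.whitelist)
    return True


class IpSecurityCheck:
    def __call__(self, request: Request, config: SecurityConfig) -> Optional[str]:
        if not is_ip_allowed(request.client_ip, config):
            return "403 ip not allowed"
        # Allowed AND a whitelist is configured. Without the second condition an
        # allow-all (no whitelist) deployment would mark every client trusted.
        request.state.is_whitelisted = bool(config.whitelist)
        return None


class RateLimitCheck:
    def __init__(self) -> None:
        self._hits: dict[str, int] = {}

    def __call__(self, request: Request, config: SecurityConfig) -> Optional[str]:
        if request.state.is_whitelisted:
            return None  # early return: trusted IPs are not rate limited
        n = self._hits.get(request.client_ip, 0) + 1
        self._hits[request.client_ip] = n
        return "429 rate limited" if n > config.rate_limit else None


class UserAgentCheck:
    def __call__(self, request: Request, config: SecurityConfig) -> Optional[str]:
        if request.state.is_whitelisted:
            return None  # early return: trusted IPs skip UA filtering
        ua = request.user_agent.lower()
        if any(bad in ua for bad in config.blocked_user_agents):
            return "403 blocked user agent"
        return None


def run_pipeline(requests: list[Request], config: SecurityConfig) -> list[Optional[str]]:
    """Run the checks in order per request, stopping at the first rejection."""
    checks = [IpSecurityCheck(), RateLimitCheck(), UserAgentCheck()]
    results: list[Optional[str]] = []
    for req in requests:
        verdict = None
        for check in checks:
            verdict = check(req, config)
            if verdict is not None:
                break
        results.append(verdict)
    return results
```

Running run_pipeline with whitelist=["10.0.0.0/8"] lets three rapid curl requests from 10.0.0.5 through untouched, while with whitelist=None the same burst from a public address is rate limited on the third request and a curl user agent is rejected, because is_whitelisted stays False.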

rennf93 and others added 9 commits February 2, 2026 03:15
Refactor IP check logic to set whitelist flag in request state.
Add check for whitelisted requests in suspicious activity detection
Add check for whitelisted requests in cloud provider check.
Add check for whitelisted user agents in the request.
* Simplify pre-commit checks in scheduled lint workflow

Removed unnecessary output handling and exit code checks from pre-commit run step.

* Disable semgrep in pre-commit configuration

Comment out semgrep configuration in pre-commit.
@rennf93 rennf93 self-assigned this Mar 10, 2026
@rennf93 rennf93 merged commit 081271a into master Mar 10, 2026
8 of 9 checks passed
@rennf93 rennf93 deleted the bug/missing-whitelist-on-checks branch March 10, 2026 19:56