blog/content/posts/commits/2026-01-29-commit-ee2d9c7.md
Betty 7ac1bd5f4f
Add 62 blog posts generated from git commit history
One-shot import of all bojemoi repo commits as Hugo posts.
Each post includes metadata, files changed, and diff stats.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 14:16:05 +01:00

title: Security: Remove hardcoded credentials and add input validation
date: 2026-01-29T16:58:21+01:00
draft: false
tags: commit, bojemoi, samsonov, orchestrator
categories: Git Activity
summary: Commit ee2d9c7 by Betty — 6 file(s) modified
author: Betty

Commit ee2d9c7

Repository bojemoi
Branch main
Author Betty
Hash ee2d9c7ff59ea9dbde783630d20eeac2027c567b
Date 2026-01-29

Description

BREAKING CHANGE: All secrets now require environment variables

  • config.py: Remove hardcoded POSTGRES_PASSWORD, GITEA_TOKEN, XENSERVER_PASS
    • Add field validators to reject placeholder values
    • CORS_ORIGINS now configurable (defaults to specific domains, not "*")
  • main.py: Fix CORS to use configured origins instead of wildcard
    • Replace bare except: handlers with proper exception logging
  • schemas.py: Add input validation patterns
    • VM/container names: alphanumeric, hyphens, underscores only
    • Docker images: validate format (registry/image:tag)
    • Port mappings: validate format and range (1-65535)
    • Add max length constraints to prevent abuse
  • plugin_zap.py, plugin_burp.py: Load API keys from environment
    • ZAP_API_KEY and BURP_API_KEY env vars required
  • .env.example: Document all required environment variables

ACTION REQUIRED: Rotate exposed credentials in git history

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Files changed

M	provisioning/orchestrator/.env.example
M	provisioning/orchestrator/app/config.py
M	provisioning/orchestrator/app/main.py
M	provisioning/orchestrator/app/models/schemas.py
M	samsonov/pentest_orchestrator/plugins/plugin_burp.py
M	samsonov/pentest_orchestrator/plugins/plugin_zap.py

Statistics

 6 files changed, 353 insertions(+), 144 deletions(-)
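
The checks listed in the commit description (secrets read from the environment with placeholder values rejected, plus name, Docker image and port-mapping validation) are sketched below as an added example using only the Python standard library. This is not the bojemoi code: the regular expressions, length limits and placeholder list are assumptions, since the page does not show them.

```python
import re

# Assumed patterns: the commit states the rules, the page does not show its regexes.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,63}")             # alphanumeric, hyphen, underscore
IMAGE_RE = re.compile(
    r"(?:[a-z0-9.-]+(?::\d+)?/)?"                         # optional registry[:port]/
    r"[a-z0-9]+(?:[._/-][a-z0-9]+)*"                      # repository path
    r"(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?"            # optional :tag
)
PORT_RE = re.compile(r"(\d{1,5}):(\d{1,5})(?:/(?:tcp|udp))?")  # host:container[/proto]
# Assumed placeholder list, typical of values left in a copied .env.example.
PLACEHOLDERS = {"", "changeme", "change_me", "password", "secret", "your_token_here"}


def require_secret(env, key):
    """Return env[key]; refuse missing, blank or placeholder values."""
    value = (env.get(key) or "").strip()
    if value.lower() in PLACEHOLDERS:
        raise ValueError(f"{key} must be set to a real value in the environment")
    return value


def valid_name(name):
    """VM/container name: restricted character set and a maximum length."""
    return isinstance(name, str) and NAME_RE.fullmatch(name) is not None


def valid_image(image):
    """Docker image reference in registry/image:tag form, length-capped."""
    return (isinstance(image, str) and len(image) <= 255
            and IMAGE_RE.fullmatch(image) is not None)


def valid_port_mapping(mapping):
    """Port mapping: both ports must parse and fall in 1-65535."""
    m = PORT_RE.fullmatch(mapping) if isinstance(mapping, str) else None
    return bool(m) and all(1 <= int(p) <= 65535 for p in m.group(1, 2))


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the repository.
    for img in ("registry.example.com:5000/team/app:1.2.3", "nginx:latest$(id)"):
        print(img, valid_image(img))
    for pm in ("8080:80/tcp", "0:80", "70000:80"):
        print(pm, valid_port_mapping(pm))
```

`fullmatch` is used instead of `match` so that trailing shell metacharacters or path segments after an otherwise valid prefix are rejected.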