
fix(security): resolve CodeQL missing rate limiting blockers for #1629#1631

Merged
OneStepAt4time merged 2 commits into develop from fix/codeql-rate-limit-main-blocker
Apr 10, 2026

Conversation

@OneStepAt4time
Owner

Summary

This PR fixes the high-severity CodeQL Missing rate limiting findings blocking promotion PR #1629.

Changes

  • Added recognized Fastify rate limiting via @fastify/rate-limit.
  • Enabled global per-IP throttling and added explicit route-level limits for flagged handlers in src/server.ts.
  • Added rate-limit coverage to the test-side mock verify route in src/tests/auth-verify-endpoint-1555.test.ts.
  • Kept existing auth/authorization behavior and response semantics intact.

Validation

Executed successfully in the worktree:

npm ci
npm run lint
npm run build
npx tsc --noEmit
npm test

Context

Main-blocker follow-up for promotion PR #1629 (develop -> main).

Add @fastify/rate-limit and apply global + route-level limits to expensive/auth-sensitive endpoints highlighted by CodeQL. Also mirror recognized rate limiting in the auth verify route test harness to clear test-side findings.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
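Added example, not code from this PR or the project: a dependency-free TypeScript model of the policy shape the Changes list describes, a global per-IP ceiling plus a tighter limit on an auth-sensitive route. The route names and numeric limits are assumptions. With @fastify/rate-limit the same shape is expressed by registering the plugin with global max/timeWindow options and giving the flagged route a config.rateLimit override.

```typescript
// Added example: fixed-window, per-IP limiter with a global default and
// per-route overrides. Not this PR's code and not @fastify/rate-limit itself.

type Limit = { max: number; windowMs: number };
type Decision = { allowed: boolean; remaining: number; retryAfterMs: number };

// Assumed numbers: 100 requests/minute per IP globally.
const GLOBAL_LIMIT: Limit = { max: 100, windowMs: 60000 };

// Hypothetical route key; the PR names "flagged handlers" but not exact paths.
const ROUTE_LIMITS: Record<string, Limit> = {
  "POST /auth/verify": { max: 5, windowMs: 60000 },
};

// Counters keyed by scope + client IP ("global:<ip>" or "route:<route>:<ip>").
const counters = new Map<string, { count: number; windowStart: number }>();

function hit(key: string, limit: Limit, now: number): Decision {
  const entry = counters.get(key);
  // First request, or the previous window has elapsed: start a fresh window.
  if (!entry || now - entry.windowStart >= limit.windowMs) {
    counters.set(key, { count: 1, windowStart: now });
    return { allowed: true, remaining: limit.max - 1, retryAfterMs: 0 };
  }
  if (entry.count >= limit.max) {
    const retryAfterMs = entry.windowStart + limit.windowMs - now;
    return { allowed: false, remaining: 0, retryAfterMs };
  }
  entry.count += 1;
  return { allowed: true, remaining: limit.max - entry.count, retryAfterMs: 0 };
}

// Evaluate one request against both layers. The route-specific limit is
// checked first so an auth-sensitive endpoint is throttled well before the
// global ceiling; a route-level denial consumes no global slot. The caller
// turns `allowed === false` into a 429 before the handler runs, leaving the
// handler's own auth and response semantics untouched.
function checkRequest(route: string, ip: string, now: number): Decision {
  const routeLimit = ROUTE_LIMITS[route];
  if (routeLimit) {
    const d = hit(`route:${route}:${ip}`, routeLimit, now);
    if (!d.allowed) return d;
  }
  return hit(`global:${ip}`, GLOBAL_LIMIT, now);
}

function resetCounters(): void {
  counters.clear();
}
```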
@OneStepAt4time OneStepAt4time merged commit 501c417 into develop Apr 10, 2026
10 checks passed
@OneStepAt4time OneStepAt4time deleted the fix/codeql-rate-limit-main-blocker branch April 10, 2026 22:43
@OneStepAt4time
Owner Author

All CI checks pass. Please check if mergeable.
