fix: Address multiple security findings #393

Merged: gtema merged 1 commit into main from security on Nov 25, 2025

Conversation

@gtema (Collaborator) commented Nov 25, 2025

  • ensure password hashing is not blocking the main thread
  • ensure db credentials are not exposed in the log file
  • ensure request body size is limited

Closes: #322
Closes: #323
Closes: #326
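Two of the findings listed above, a log-safe database connection string and a bounded request-body read, as an added std-only Rust example (not code from this PR or the project); the URL and body bytes are constructed samples, and the hashing-off-the-main-thread fix is not shown because it depends on the async runtime.

```rust
// Added example (not the PR's code): std-only helpers illustrating two of the
// findings above, a log-safe database URL and a bounded request-body read.
use std::io::{self, Read};

/// Return `scheme://user:***@host/path` so a connection string can be logged
/// without leaking its password. Inputs without credentials are returned as-is.
pub fn redact_db_url(url: &str) -> String {
    let scheme_end = match url.find("://") {
        Some(i) => i,
        None => return url.to_string(),
    };
    let rest = &url[scheme_end + 3..];
    // The authority ends at the first '/' or '?' (start of path or query).
    let authority_end = rest.find(|c: char| c == '/' || c == '?').unwrap_or(rest.len());
    let authority = &rest[..authority_end];
    // userinfo is everything before the last '@' (passwords may contain '@').
    let at = match authority.rfind('@') {
        Some(i) => i,
        None => return url.to_string(),
    };
    let userinfo = &authority[..at];
    let user = userinfo.split(':').next().unwrap_or("");
    let safe_userinfo = if userinfo.contains(':') {
        format!("{}:***", user)
    } else {
        user.to_string()
    };
    format!("{}://{}{}{}", &url[..scheme_end], safe_userinfo, &authority[at..], &rest[authority_end..])
}

/// Read a request body but refuse one larger than `limit` bytes, the same
/// intent as axum's DefaultBodyLimit: reject oversized input before parsing it.
pub fn read_body_limited<R: Read>(mut body: R, limit: usize) -> io::Result<Vec<u8>> {
    let mut buf = Vec::with_capacity(limit.min(64 * 1024));
    // Read one byte past the limit so an oversized body is detected without
    // buffering all of it.
    body.by_ref().take(limit as u64 + 1).read_to_end(&mut buf)?;
    if buf.len() > limit {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "request body exceeds limit"));
    }
    Ok(buf)
}

fn main() {
    // Constructed sample values, not real credentials or traffic.
    let url = "postgres://keystone:s3cret@db.internal:5432/keystone";
    println!("{}", redact_db_url(url));
    let oversized = io::Cursor::new(vec![b'{'; 10]);
    println!("{:?}", read_body_limited(oversized, 8).map(|b| b.len()));
}
```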

@github-actions

🐰 Bencher Report

Branch: security
Testbed: ubuntu-latest

| Benchmark | Latency, nanoseconds (ns) (Result Δ%) | Upper Boundary, nanoseconds (ns) (Limit %) |
| --- | --- | --- |
| fernet token/project | 1,503.00 ns (+18.99%), baseline 1,263.18 ns | 1,636.70 ns (91.83%) |
| get_fernet_token_timestamp/project | 142.14 ns (-9.86%), baseline 157.69 ns | 213.58 ns (66.55%) |

🐰 View full continuous benchmarking report in Bencher

@github-actions

github-actions bot commented Nov 25, 2025

🦢 Load Test Results

Goose Attack Report

Plan Overview

| Action | Started | Stopped | Elapsed | Users |
| --- | --- | --- | --- | --- |
| Increasing | 25-11-25 17:47:54 | 25-11-25 17:47:56 | 00:00:02 | 0 → 4 |
| Maintaining | 25-11-25 17:47:56 | 25-11-25 17:48:26 | 00:00:30 | 4 |
| Decreasing | 25-11-25 17:48:26 | 25-11-25 17:48:26 | 00:00:00 | 0 ← 4 |

Request Metrics

| Method Name | # Requests | # Fails | Average (ms) | Min (ms) | Max (ms) | RPS | Failures/s |
| --- | --- | --- | --- | --- | --- | --- | --- |
| GET | 9428 | 0 | 12.22 | 8 | 27 | 314.27 | 0.00 |
| Aggregated | 9428 | 0 | 12.22 | 8 | 27 | 314.27 | 0.00 |

Response Time Metrics

| Method Name | 50%ile (ms) | 60%ile (ms) | 70%ile (ms) | 80%ile (ms) | 90%ile (ms) | 95%ile (ms) | 99%ile (ms) | 100%ile (ms) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| GET | 10 | 11 | 16 | 17 | 17 | 18 | 19 | 27 |
| Aggregated | 10 | 11 | 16 | 17 | 17 | 18 | 19 | 27 |

Status Code Metrics

| Method Name | Status Codes |
| --- | --- |
| GET | 9,428 [200] |
| Aggregated | 9,428 [200] |

Transaction Metrics

| Transaction | # Times Run | # Fails | Average (ms) | Min (ms) | Max (ms) | RPS | Failures/s |
| --- | --- | --- | --- | --- | --- | --- | --- |
| ListUsers | | | | | | | |
| 0.0 | 0 | 0 | 0.00 | 0 | 0 | 0.00 | 0.00 |
| 0.1 | 5975 | 0 | 9.56 | 8 | 15 | 199.17 | 0.00 |
| ValidateToken | | | | | | | |
| 1.0 | 0 | 0 | 0.00 | 0 | 0 | 0.00 | 0.00 |
| 1.1 | 3453 | 0 | 16.91 | 14 | 27 | 115.10 | 0.00 |
| Aggregated | 9428 | 0 | 12.22 | 8 | 27 | 314.27 | 0.00 |

Scenario Metrics

| Transaction | # Users | # Times Run | Average (ms) | Min (ms) | Max (ms) | Scenarios/s | Iterations |
| --- | --- | --- | --- | --- | --- | --- | --- |
| ListUsers | 2 | 5973 | 9.56 | 8 | 15 | 199.10 | 2986.50 |
| ValidateToken | 2 | 3451 | 16.92 | 14 | 27 | 115.03 | 1725.50 |
| Aggregated | 4 | 9424 | 12.25 | 8 | 27 | 314.13 | 4712.00 |

Error Metrics

| Method Name | # Error |
| --- | --- |

(no rows: no errors were recorded)

gtema merged commit 03bd4a9 into main on Nov 25, 2025
24 of 25 checks passed
gtema deleted the security branch on December 8, 2025 14:55


Development

Successfully merging this pull request may close these issues:

  • Blocking Operations in Async Context
  • Potential Database Connection String Exposure
  • Use DefaultBodyLimit to prevent json request parsing DDoS