60 lines
2.2 KiB
Markdown
60 lines
2.2 KiB
Markdown
---
|
|
id: review/post-security-fix-review
|
|
name: Review security fix implementations before production consideration
|
|
status: completed
|
|
depends_on:
|
|
- fix/rate-limiter-ip-source
|
|
- fix/inflight-counter-increment
|
|
- fix/connector-timeout-ceiling
|
|
- fix/json-format-without-logfile
|
|
- fix/upstream-host-validation
|
|
- fix/acme-contact-validation
|
|
- fix/upstream-uri-error-handling
|
|
- fix/admin-socket-resource-limits
|
|
- fix/consolidate-config-types
|
|
- fix/rate-limiter-connectinfo-tests
|
|
scope: moderate
|
|
risk: low
|
|
impact: project
|
|
level: review
|
|
---
|
|
|
|
## Description
|
|
|
|
Review all security and bug fix implementations from Review #003 before
|
|
considering them production-ready. Verify that the fixes correctly implement
|
|
the architecture decisions (ADR-025, ADR-026, ADR-027) and the updated spec
|
|
documents.
|
|
|
|
## Acceptance Criteria
|
|
|
|
- [ ] C1 fix: Rate limiter uses ConnectInfo only, rejects without it (ADR-025)
|
|
- [ ] C2 fix: InFlightCounter increments before task spawn, drain polls 100ms
|
|
- [ ] C3 fix: Connector ceiling is 30s, per-site timeouts work >5s (ADR-026)
|
|
- [ ] C4 fix: JSON format applied in stdout-only path
|
|
- [ ] W1 fix: Upstream host part validated (DNS name or IP, IPv6 brackets)
|
|
- [ ] W2 fix: ACME contact email validated (non-empty, contains @)
|
|
- [ ] W3 fix: URI parse failure returns 502, never drops query string silently
|
|
- [ ] W4 fix: Admin socket has 5s timeout and 4096 byte line limit (ADR-027)
|
|
- [ ] W6 fix: RawConfig eliminated, FullConfig used in both paths
|
|
- [ ] S10 fix: Rate limit tests use ConnectInfo, verify XFF is ignored
|
|
- [ ] All `cargo test` passes
|
|
- [ ] All `cargo clippy` passes with no warnings
|
|
- [ ] No regressions in integration tests
|
|
|
|
## References
|
|
|
|
- docs/reviews/003-security-and-bug-review.md — all findings
|
|
- docs/architecture/decisions/025-rate-limiter-ip-source.md — ADR-025
|
|
- docs/architecture/decisions/026-connector-timeout-ceiling.md — ADR-026
|
|
- docs/architecture/decisions/027-admin-socket-resource-limits.md — ADR-027
|
|
|
|
## Notes
|
|
|
|
> This review covers the critical security fixes and the sensitive config
|
|
> consolidation. It should be the last task before the generation 4+ code
|
|
> quality items are considered final.
|
|
|
|
## Summary
|
|
|
|
> To be filled on completion |