Skip to content

fix: secure job ID generation and implement global API authentication#294

Open
ali0786mehdi wants to merge 1 commit into
ionfwsrijan:mainfrom
ali0786mehdi:fix/auth-and-job-ids
Open

fix: secure job ID generation and implement global API authentication#294
ali0786mehdi wants to merge 1 commit into
ionfwsrijan:mainfrom
ali0786mehdi:fix/auth-and-job-ids

Conversation

@ali0786mehdi

@ali0786mehdi ali0786mehdi commented Jul 7, 2026

Copy link
Copy Markdown

Linked issue

Closes #277


What this PR does

This PR addresses a critical security issue by strengthening job identifier generation and introducing authentication for sensitive API endpoints.

Previously, scan jobs were created using Python's internal tempfile._get_candidate_names() function, which relies on a limited identifier namespace and is a private API not intended for application-level identifier generation. Additionally, several sensitive endpoints were accessible without authentication, allowing anyone with a valid job ID to retrieve scan findings, download evidence packs, monitor scan progress, or delete scan jobs.

This update replaces job ID generation with cryptographically secure identifiers using secrets.token_urlsafe(16) and introduces API Bearer Token authentication using FastAPI's HTTPBearer security dependency. The frontend has also been updated to include the required authorization headers when accessing protected endpoints.


Type of change

  • Bug fix
  • New feature
  • ML model / training pipeline
  • Refactor (no behaviour change)
  • Documentation
  • Tests only

ML tier (if applicable)

  • Tier 1 — Triage
  • Tier 2 — Predictive
  • Tier 3 — Autonomous
  • Not ML-related

Stack affected

  • Backend
  • Frontend
  • Both

Changes

Backend

  • Replaced tempfile._get_candidate_names() with secrets.token_urlsafe(16) for secure, high-entropy job ID generation.

  • Added API Bearer Token authentication using FastAPI's HTTPBearer.

  • Implemented a reusable verify_api_key dependency that validates requests against the PATCHPILOT_API_KEY environment variable.

  • Protected sensitive endpoints with authentication:

    • GET /jobs/{job_id}/findings
    • DELETE /jobs/{job_id}
    • GET /api/scans/{job_id}/stream
    • POST /evidence-pack
  • Preserved existing endpoint behavior while adding access control.

Frontend

  • Added support for reading VITE_PATCHPILOT_API_KEY from the frontend environment.
  • Added Authorization: Bearer <token> headers for protected API requests.
  • Updated protected API calls to authenticate against the secured backend while keeping existing functionality unchanged.

New dependencies

  • None.

Used Python's standard library (secrets) and FastAPI's built-in security components.

Database / schema changes

  • None.

Testing

How did you test this?

  • Started the backend locally and verified that the application launches successfully without import or runtime errors.
  • Confirmed newly created scan jobs use secure randomly generated identifiers instead of tempfile._get_candidate_names().
  • Verified that protected endpoints return 401 Unauthorized when accessed without a valid Bearer token.
  • Verified authenticated frontend requests successfully retrieve findings and download evidence packs after including the required authorization header.
  • Confirmed no new Python exceptions or frontend runtime errors were introduced after the changes.

Checklist

  • Tested locally end-to-end (upload ZIP or GitHub URL → scan → findings returned correctly)
  • New ML model falls back gracefully when model file is absent
  • No new console.error or unhandled Python exceptions introduced
  • Added or updated tests where applicable
  • requirements.txt / package.json updated if new dependencies added
  • New model files (.pkl, .pt, etc.) are gitignored, not committed

Anything reviewers should focus on

Please review the authentication implementation in backend/app/main.py, particularly the verify_api_key dependency and its application to protected endpoints. Additionally, please verify that the frontend authorization header integration in frontend/src/app/lib/api.ts aligns with the project's expected deployment and environment variable configuration.


Screenshots (if UI changed)

N/A — This PR introduces backend security improvements and authenticated API communication without any user interface changes.

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown

🎉 Thank you @ali0786mehdi for submitting a Pull Request!

We're excited to review your contribution.

Before Review

✅ Ensure all CI checks pass
✅ Complete the PR template
✅ Link the related issue

Want faster reviews and contributor support?

Join our Discord community:

🔗 https://discord.gg/FcXuyw2Rs

Maintainers and mentors are active there and can help resolve blockers quickly.

Happy Contributing! 🚀

@github-actions github-actions Bot added SSoC26 needs-work Work needed labels Jul 7, 2026
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown

⚠️ Automated Check: This PR does not strictly follow the required template. Please ensure you have not deleted any checkboxes or mandatory headings, and that you have written explanations under What this PR does and How did you test this?.

Correct PR Template

Please copy and paste the raw template below into your PR description and fill it out:

> **Before opening:** make sure there is an issue tracking this work, and link it below. PRs without a linked issue may be closed without review.

## Linked issue

Closes #

## What this PR does



## Type of change

- [ ] Bug fix
- [ ] New feature
- [ ] ML model / training pipeline
- [ ] Refactor (no behaviour change)
- [ ] Documentation
- [ ] Tests only

## ML tier (if applicable)

- [ ] Tier 1 — Triage
- [ ] Tier 2 — Predictive
- [ ] Tier 3 — Autonomous
- [ ] Not ML-related

## Stack affected

- [ ] Backend
- [ ] Frontend
- [ ] Both

---

## Changes

### Backend



-

### Frontend



-

### New dependencies



-

### Database / schema changes



-

---

## Testing

**How did you test this?**



**Checklist**

- [ ] Tested locally end-to-end (upload ZIP or GitHub URL → scan → findings returned correctly)
- [ ] New ML model falls back gracefully when model file is absent
- [ ] No new `console.error` or unhandled Python exceptions introduced
- [ ] Added or updated tests where applicable
- [ ] `requirements.txt` / `package.json` updated if new dependencies added
- [ ] New model files (`.pkl`, `.pt`, etc.) are gitignored, not committed

---

## Anything reviewers should focus on



## Screenshots (if UI changed)

@github-actions github-actions Bot added backend Backend issues frontend Frontend issues labels Jul 7, 2026
@arpit2006

Copy link
Copy Markdown
Collaborator

@ali0786mehdi , CI issue!

@ali0786mehdi

Copy link
Copy Markdown
Author

@arpit2006 can u tell me what exactly is the issue
and can guide me how to fix

@ali0786mehdi

Copy link
Copy Markdown
Author

@arpit2006 no issue i will get fix this by eod

@arpit2006

Copy link
Copy Markdown
Collaborator

@ali0786mehdi , Fix template formatting and CI fails.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backend Backend issues frontend Frontend issues needs-work Work needed SSoC26

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Bug] Data Leakage via Predictable Job IDs and Complete Absence of Authentication

2 participants