Skip to content

feat(protect): hardening — body cap, header screening, multipart, node egress, SQL-error suppression#79

Merged
patchstackdave merged 1 commit into
mainfrom
feat/protect-hardening
Jul 15, 2026
Merged

feat(protect): hardening — body cap, header screening, multipart, node egress, SQL-error suppression#79
patchstackdave merged 1 commit into
mainfrom
feat/protect-hardening

Conversation

@patchstackdave

Copy link
Copy Markdown
Contributor

Five request/response-guard improvements (each with tests). 437 tests pass, typecheck + build clean.

1. Fix — cap the request body on the fetch/route-WAF path

fromFetchRequest read the whole body with no size limit (the node adapter caps at 1 MiB; the fetch path didn't). Now a Content-Length over the cap is skipped before reading, and anything else is discarded past 1 MiB — fail-open, so the request is still evaluated on query/headers/url. Configurable via { maxBodyBytes }.

2. Feature — response-header screening

screenText masked only the body. It now applies the matched secret redactors to header values too, so a response.header.* rule actually strips the header, and a secret that also leaks into a header (Set-Cookie, an echoed X-Api-Key) is masked. Wired through the fetch and node response paths.

3. Feature — multipart/form-data parsing

Only JSON + x-www-form-urlencoded were parsed into post.*. Multipart fields now populate post.<field> (+ raw), and file parts surface via files.<field> (the filename) — so the field-scoped rules we discussed match uploads (e.g. a __proto__ field name).

4. Feature — egress SSRF for node:http/https

The egress guard wrapped only global fetch; it now also patches node:http/https request/get on Node (covers axios/got/raw client), best-effort and restored on uninstall. installEgressGuard is now async; createProtection awaits it.

5. Feature — verbose-error suppression

A new default response rule redacts SQL/ORM error signatures (SQLSTATE[…], SequelizeDatabaseError, ORA-#####, PG::…Error, SQLITE_ERROR, …) beyond the existing stack-trace rule.

Tests (+10)

fetch-body-cap, multipart, response-hardening (header screening + SQL redaction), egress-node-http.

🤖 Generated with Claude Code

…e egress, SQL-error suppression

Five request/response-guard improvements:

- Cap the request body on the fetch/route-WAF path. fromFetchRequest read the whole
  body with no limit; now a Content-Length over the cap is skipped before reading and
  anything else is discarded past 1 MiB (fail-open — query/headers/url still evaluated),
  matching the node adapter. Configurable via { maxBodyBytes }.
- Response-HEADER screening. screenText now redacts matched secret spans in header values
  too (not just the body), so a `response.header.*` rule actually strips the header and a
  secret that also leaks into a header (Set-Cookie, an echoed X-Api-Key) is masked. Wired
  through the fetch and node response paths.
- Parse multipart/form-data. Only JSON + urlencoded were parsed into post.*; multipart
  fields now populate post.<field> (+ `raw`) and file parts surface via files.<field>, so
  field-scoped rules match uploads (e.g. a `__proto__` field name).
- Egress SSRF for node:http/https. The egress guard wrapped only global fetch; it now also
  patches node:http/https request/get on Node (axios/got/raw client), best-effort and
  restored on uninstall. installEgressGuard is async; createProtection awaits it.
- Verbose-error suppression: a default response rule redacts SQL/ORM error signatures
  (SQLSTATE/Sequelize/ORA-/PG::/SQLITE_ERROR/…) beyond the existing stack-trace rule.

+10 tests (body cap, multipart, response-header screening, node:http egress, SQL redaction).
437 tests pass, typecheck + build clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@coderbuds

coderbuds Bot commented Jul 15, 2026

Copy link
Copy Markdown

Robust security enhancements with clear structure and comprehensive tests.

🎯 Quality: 100% Elite · 📦 Size: Large — consider splitting if possible

🛡️ Standards: no pre-flight fit check ran for this change — wire assess-change-fit into your coding agents to catch size before opening.

📈 This month: Your 31st PR — above team average · Averaging Excellent

See how your team is trending →

@patchstackdave

Copy link
Copy Markdown
Contributor Author

/review

@patchstackdave patchstackdave merged commit d69f2ec into main Jul 15, 2026
4 checks passed
@patchstackdave patchstackdave deleted the feat/protect-hardening branch July 15, 2026 10:11
patchstackdave added a commit that referenced this pull request Jul 15, 2026
Addresses the gaps surfaced reviewing #79:

- Body cap → partial-scan (was discard). An oversize body is now TRUNCATED to the
  cap and its prefix scanned (front-loaded payloads are caught), with memory bounded
  by a 4× hard ceiling; only a declared body over that ceiling is skipped. Content-
  Length is compared in bytes; the prefix slice is by char (can only over-scan).
- IPv6 host extraction on the node:http egress path. extractHttpTarget no longer
  mangles `::1` / `[::1]` / `[::1]:port` via split(':') — normalizeHost preserves them
  so isInternalHost (which strips brackets) blocks IPv6-internal SSRF via options host.
- Redact array-valued headers. Header screening now masks multi-valued Set-Cookie
  (via getSetCookie / node arrays) and re-emits each cookie separately, in both the
  fetch and node paths.
- Multipart parser robustness: tolerate LF-only line endings and collect duplicate
  field names (arrays), matching the body/urlencoded behavior.
- WebSocket egress screening: the guard now also wraps the global WebSocket so ws://
  /wss:// egress is screened; restored on uninstall.
- Verbose-error breadth: a default response rule redacts multi-language exception/
  traceback signatures (Python/JVM/.NET/Go) beyond the node stack-trace + SQL rules.

+6 tests (body-cap partial-scan incl. the past-cap residual, IPv6 node egress,
Set-Cookie array redaction, multipart LF/dup, WebSocket block, exception redaction,
allowHosts override). 443 tests pass, typecheck + build clean.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
patchstackdave added a commit that referenced this pull request Jul 15, 2026
Addresses the gaps surfaced reviewing #79:

- Body cap → partial-scan (was discard). An oversize body is now TRUNCATED to the
  cap and its prefix scanned (front-loaded payloads are caught), with memory bounded
  by a 4× hard ceiling; only a declared body over that ceiling is skipped. Content-
  Length is compared in bytes; the prefix slice is by char (can only over-scan).
- IPv6 host extraction on the node:http egress path. extractHttpTarget no longer
  mangles `::1` / `[::1]` / `[::1]:port` via split(':') — normalizeHost preserves them
  so isInternalHost (which strips brackets) blocks IPv6-internal SSRF via options host.
- Redact array-valued headers. Header screening now masks multi-valued Set-Cookie
  (via getSetCookie / node arrays) and re-emits each cookie separately, in both the
  fetch and node paths.
- Multipart parser robustness: tolerate LF-only line endings and collect duplicate
  field names (arrays), matching the body/urlencoded behavior.
- WebSocket egress screening: the guard now also wraps the global WebSocket so ws://
  /wss:// egress is screened; restored on uninstall.
- Verbose-error breadth: a default response rule redacts multi-language exception/
  traceback signatures (Python/JVM/.NET/Go) beyond the node stack-trace + SQL rules.

+6 tests (body-cap partial-scan incl. the past-cap residual, IPv6 node egress,
Set-Cookie array redaction, multipart LF/dup, WebSocket block, exception redaction,
allowHosts override). 443 tests pass, typecheck + build clean.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants