v0.22.2 — On-prem example security disclosure (NOT patched)

@MorrisLu-Taipei released this 10 Jun 15:18 · 20 commits to main since this release

After a user-raised review surfaced severe authentication and SQL injection gaps in the on-prem LINE CS example, the pack ran a code audit and chose to disclose, not silently patch. Silent patching would misrepresent both the case study and the CREDITS.md attribution chain.

What was disclosed

In examples/line-ai-customer-service-onprem/SECURITY-CAVEATS.md, every issue is documented with file/line and repro:

  • /api/auth/me always returns {authenticated: true}: there is no session or JWT check at all.
  • Login compares the submitted password in plaintext inside the SQL query.
  • All /api/* data routes have no auth middleware: settings GET/POST (reads/writes all API keys), user_states GET/POST, reset-handover, logs add/search, upload, n8n.credentials_entity listing, qdrant collections.
  • SQL identifier injection in updateSettings: request-body keys are concatenated directly into INSERT/UPDATE SQL.
  • No CSRF, no rate limit, no audit log, no helmet, no CORS lockdown.

Why disclose-don't-patch

  1. Silent patching misrepresents the upstream POC.
  2. The vulnerabilities themselves are the lesson: AI-coded software that runs ≠ enterprise-deployable software.
  3. The CREDITS.md chain records who did what; we did not do hardening, so we don't claim to have.

To deploy: fork and apply the 10-step hardening checklist at the end of SECURITY-CAVEATS.md (middleware → session → bcrypt → SQL whitelist → CSRF → rate limit → audit log → endpoint trimming → upload hardening → secret encryption).
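To make the updateSettings identifier-injection item and the "SQL whitelist" checklist step concrete, here is an added example (not code from the on-prem LINE CS example or its repo) contrasting a builder that concatenates request-body keys into SQL with one that allowlists column names; it assumes a Node/Express backend and a hypothetical `settings` table and column set.

```javascript
// Added example, not the project's own code. Assumes a Node/Express + SQL
// backend; the `settings` table and its column names are hypothetical.

// Columns that updateSettings is allowed to touch (hypothetical allowlist).
const SETTINGS_COLUMNS = new Set(['greeting', 'handover_timeout', 'model_name']);

// Vulnerable shape (the pattern SECURITY-CAVEATS.md describes): request-body
// keys become SQL identifiers verbatim, so whatever the client puts in a key
// lands unchanged in the statement, even though the values use placeholders.
function unsafeBuildUpdate(body) {
  const sets = Object.keys(body).map((k) => `${k} = ?`).join(', ');
  return { sql: `UPDATE settings SET ${sets} WHERE id = 1`, params: Object.values(body) };
}

// Hardened shape: identifiers must come from a fixed allowlist and are quoted;
// values still go through driver placeholders, never string concatenation.
function safeBuildUpdate(body) {
  const keys = Object.keys(body);
  if (keys.length === 0) throw new Error('no settings supplied');
  const unknown = keys.filter((k) => !SETTINGS_COLUMNS.has(k));
  if (unknown.length > 0) {
    // Reject rather than silently drop: an unknown key is worth an audit-log line.
    throw new Error(`rejected unknown setting key(s): ${JSON.stringify(unknown)}`);
  }
  const sets = keys.map((k) => `"${k}" = ?`).join(', ');
  return { sql: `UPDATE settings SET ${sets} WHERE id = 1`, params: keys.map((k) => body[k]) };
}

// Constructed request bodies: one benign, one whose key is shaped like SQL.
const benignBody = { greeting: 'Hello', handover_timeout: 30 };
const hostileBody = { 'greeting = 1, is_admin': true };

console.log(unsafeBuildUpdate(hostileBody).sql); // the raw key is now part of the SQL
console.log(safeBuildUpdate(benignBody).sql);
try {
  safeBuildUpdate(hostileBody);
} catch (e) {
  console.log(e.message); // rejected unknown setting key(s): ["greeting = 1, is_admin"]
}
```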

Marquee skill upgrade

The code-to-workflow skill now mandates a Step 1.5: Security audit (10-item checklist) between source inventory and partition decision, plus a new hard rule §3 requiring publication of a SECURITY-CAVEATS.md if vulnerabilities are found and not fixed. Future Code2n8n ports cannot quietly inherit the same blind spot.

Surrounding doc downgrades

  • On-prem README: prominent DO-NOT-DEPLOY banner; "enterprise-grade real-world variant" wording → "real-world POC port".
  • CODE2N8N.md: case-study entry annotated with ⚠️ + SECURITY-CAVEATS link.
  • CREDITS.md: new "Security audit performed, NOT patched" section.

No code or workflow logic changed.


🤖 Generated with Claude Code