feat: pentest campaigns inline editing, CVSS calculator, security har…#27

Merged
0xmanhnv merged 1 commit into main from develop on Mar 18, 2026
@0xmanhnv
Collaborator

…dening

Campaign detail sheet:

  • Full inline editing (description, timeline, methodology, tags, objectives, scope, RoE)
  • Header fields editable (name, type, priority, client name/contact)
  • Hybrid scope: linked assets + asset groups + manual scope items
  • RoE redesign: 3 grouped sections with presets (schedule, methods, contacts)
  • Collapsible header, scroll lock, team member enrichment

Backend:

  • created_by_name resolved via batch user lookup
  • CreateTemplateInput JSON tags for correct field mapping
  • UpdateTemplate now applies all fields (was only name/severity/category)
  • Validation modules (attack_simulation, control_testing) seeded
  • CONCURRENTLY removed from migration indexes (incompatible with transaction)

Security:

  • Request body size limits (1MB) on all decode handlers
  • ILIKE search injection fix (escape %, _, \)
  • Permission checks on campaign buttons

@0xmanhnv 0xmanhnv merged commit 8548740 into main Mar 18, 2026
16 checks passed
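
The two server-side items in the Security list above (the 1MB request body limit on decode handlers and the ILIKE escape of %, _ and \), sketched as an added example; this is not code from this pull request. It assumes a Go backend using net/http and a PostgreSQL query that takes the pattern as a bound parameter, and every name in it is hypothetical.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxBodyBytes = 1 << 20 // 1MB, the limit named in the PR description
var oversized = `{"query":"` + strings.Repeat("a", maxBodyBytes) + `"}` // constructed body over the limit

// likeEscaper neutralises the LIKE/ILIKE metacharacters in one pass, so the
// backslashes it inserts are never escaped a second time.
var likeEscaper = strings.NewReplacer(`\`, `\\`, `%`, `\%`, `_`, `\_`)

// containsPattern builds the value bound to $1 in a query such as
//   ... WHERE name ILIKE $1 ESCAPE '\'   (hypothetical query)
func containsPattern(term string) string {
	return "%" + likeEscaper.Replace(term) + "%"
}

// decodeLimited caps the body before decoding and maps the failure to a status:
// 413 when the cap is hit, 400 for any other decode error.
func decodeLimited(w http.ResponseWriter, r *http.Request, dst any) (int, error) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
	if err := json.NewDecoder(r.Body).Decode(dst); err != nil {
		var tooBig *http.MaxBytesError
		if errors.As(err, &tooBig) {
			return http.StatusRequestEntityTooLarge, err
		}
		return http.StatusBadRequest, err
	}
	return http.StatusOK, nil
}

// tryDecode runs decodeLimited against a constructed request body.
func tryDecode(body string) int {
	req := httptest.NewRequest(http.MethodPost, "/search", strings.NewReader(body))
	var in struct{ Query string `json:"query"` }
	status, _ := decodeLimited(httptest.NewRecorder(), req, &in)
	return status
}

func main() {
	fmt.Printf("%q\n", containsPattern(`50%_off\`))
	fmt.Println(tryDecode(`{"query":"web"}`), tryDecode(oversized))
}
```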