apunkt/gomcp
1
0
Fork 0
mirror of https://github.com/syntrex-lab/gomcp.git synced 2026-05-09 11:32:37 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: deep audit fixes — error leak prevention, DOMPurify XSS guard, mutex race fix, i18n parity, HMAC warning

Browse source 
- [C-1] Fix sync.Mutex copy in guard.GuardStats (go vet race condition)
- [C-2] Replace 3x raw err.Error() HTTP leaks with generic messages (tenant_handlers, ws_transport, immune)
- [M-1] Add isomorphic-dompurify to LegalPage and AIAssistant (XSS defense-in-depth)
- [M-4] Add swaggo/swag dependency for Swagger docs
- [L-4] Add slog.Warn for hardcoded dev HMAC key in tpmaudit
- [L-5] Add 2 missing i18n keys (nav.contacts, nav.start_free) — 365/365 parity
This commit is contained in:
DmitrL-dev 2026-03-31 19:52:21 +10:00
parent 02b511a41e
commit a54c892736
7 changed files with 69 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

3
cmd/immune/main.go
View file

@ -115,7 +115,8 @@ func main() {
Mode string `json:"mode"`
}
if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
http.Error(w, err.Error(), http.StatusBadRequest)
slog.Error("invalid mode request", "error", err)
http.Error(w, "invalid request body", http.StatusBadRequest)
return
}
g.SetMode(guard.Mode(req.Mode))