security: deep audit fixes — error leak prevention, DOMPurify XSS guard, mutex race fix, i18n parity, HMAC warning

- [C-1] Fix sync.Mutex copy in guard.GuardStats (go vet race condition)
- [C-2] Replace 3x raw err.Error() HTTP leaks with generic messages (tenant_handlers, ws_transport, immune)
- [M-1] Add isomorphic-dompurify to LegalPage and AIAssistant (XSS defense-in-depth)
- [M-4] Add swaggo/swag dependency for Swagger docs
- [L-4] Add slog.Warn for hardcoded dev HMAC key in tpmaudit
- [L-5] Add 2 missing i18n keys (nav.contacts, nav.start_free) — 365/365 parity
This commit is contained in:
DmitrL-dev 2026-03-31 19:52:21 +10:00
parent 02b511a41e
commit a54c892736
7 changed files with 69 additions and 8 deletions


@ -289,7 +289,8 @@ func HandleUpdateTenantPlan(tenantStore *TenantStore) http.HandlerFunc {
}
if err := tenantStore.UpdatePlan(claims.TenantID, req.PlanID); err != nil {
http.Error(w, `{"error":"`+err.Error()+`"}`, http.StatusBadRequest)
slog.Error("plan update failed", "tenant_id", claims.TenantID, "plan", req.PlanID, "error", err)
http.Error(w, `{"error":"plan update failed"}`, http.StatusBadRequest)
return
}