You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This page tracks the security hardening work delivered across Sharkable core, Sharkable.Cache.Redis, and Sharkable.AutoCrud.SqlSugar. Each entry summarizes the fix; for the full audit context, see local/security-audit.md in each repository.
BREAKING — Add [CrudAllow] attribute for explicit field allowlist on AutoCrud insert/update; endpoints with Create | Update and zero [CrudAllow] properties now throw InvalidOperationException at startup. Prevents mass-assignment privilege escalation via JSON body (cross-repo with Sharkable.AutoCrud.SqlSugar)
Implement AuditTrailMiddleware header redaction per RedactHeaders list — credential-bearing headers (Authorization, X-Api-Key, Cookie by default) have their values replaced with *** in audit log output
Redact RedisHealthCheck description — never expose endpoint topology or ex.Message on public /healthz; full diagnostic detail logged at LogWarning for operators only
Replace empty catch in RedisIdempotencyStore.GetAsync with typed exception filter + structured LogWarning + re-throw wrapped in InvalidOperationException — prevent silent double-execution when a corrupted record is encountered
Add UseSharkableRedisHealthCheck() extension — explicit opt-in to wire RedisHealthCheck into HealthCheckService under name "redis" and tag "ready". The check is no longer auto-surfaced on /healthz by default
Set TTL on RedisSagaStore.SaveProgressAsync via RedisStoreOptions.SagaProgressTtl (default 7d) — prevent unbounded Redis key growth from orphaned saga progress records after host crashes
Add AutoCrudSqlSugar.AutoCrudRequireAuthorization opt-in flag — auto-attach .RequireAuthorization() to every generated CRUD endpoint when true. Default false preserves backward compat, but production deployments MUST enable. AddSqlSugar() logs a LogWarning at startup when the flag is false in non-AOT mode
Defense-in-depth: also exclude SafeSoftDeleteField from the [CrudAllow] allow-list by case-insensitive name match — protects entities whose C# property name matches the configured soft-delete column but lacks a [SugarColumn] rename
Redact SqlSugarHealthCheck description — never expose dbType or ex.Message on public /healthz; full diagnostic detail (DB type, exception) logged at LogWarning for operators only
Escape SQL LIKE wildcards (%, _, \) with ESCAPE '\' clause + cap filter value length via AutoCrudSqlSugar.MaxFilterValueLength (default 200) + cap IN / NOT IN array size via AutoCrudSqlSugar.MaxInArraySize (default 100) in AutoCrud search — prevent LIKE wildcard DoS and large-IN clause DoS
Reporting vulnerabilities
Please report security issues privately via GitHub Security Advisories on the affected repository (Sharkable, Sharkable.Cache.Redis, or Sharkable.AutoCrud.SqlSugar). Do not open public issues for suspected vulnerabilities.