PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 11:09:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
99ccd60f9007a6abf3a424e8ae5cf4377ea02edc
xamxam/formulaire/SECURITY.md
Théophile Gervreau-Mercier 99ccd60f90 Add SQLite database schema and documentation 
Added complete database schema for Post-ERG thesis archive:
- schema.sql with full relational database structure
- README.md with schema documentation and usage examples
- SETUP.md with comprehensive setup and maintenance guide
- posterg_fiche-technique.md with technical specifications
- Database_TFE_test.csv and .ods with example data

Database features:
- Normalized relational schema (3NF)
- Support for multiple authors, supervisors, languages, formats, keywords
- Publication workflow (submission → defense → jury review → publication)
- Access control (Libre/Interne/Interdit)
- File attachments tracking
- Predefined reference tables for orientations, AP programs, finalities
- Views for simplified querying
- Automatic timestamps and cascade deletes
2026-01-27 15:37:55 +01:00

4.8 KiB
Raw Blame History

Security Improvements

Changes Made

1. Critical Vulnerability Fixes

Path Traversal in thanks.php (CRITICAL)

  • Before: User could access ANY file on the system via ?file=../../../../etc/passwd
  • After:
    • Validates file path using realpath() to resolve symlinks
    • Ensures file is within allowed data/yaml/ directory
    • Verifies file extension is .yaml
    • Proper error handling without exposing system paths

CSRF Protection

  • Before: Form could be submitted from any website
  • After:
    • Session-based CSRF tokens generated for each form load
    • Token validated on submission using timing-safe comparison (hash_equals())
    • Token cleared after successful submission

2. Input Validation & Sanitization

Deprecated Functions Replaced

  • Before: Used FILTER_SANITIZE_STRING (deprecated in PHP 8.1+)
  • After: Custom sanitize_string() function using htmlspecialchars() and strip_tags()

Enhanced Validation

  • Required fields properly validated with custom validate_required() function
  • Email validation using FILTER_VALIDATE_EMAIL
  • URL validation using FILTER_VALIDATE_URL
  • Year validation with reasonable range checking (2000 to current year + 1)
  • Comprehensive error messages for validation failures

3. File Upload Security

Random Filenames

  • Before: Used original or predictable filenames (author + timestamp)
  • After:
    • Generates cryptographically secure random filenames using random_bytes()
    • Prevents file overwrites
    • Prevents path traversal attacks via malicious filenames
    • Stores mapping to original filename for reference

Enhanced File Validation

  • MIME type checking using finfo
  • File extension whitelist
  • File size limits (50MB max)
  • Proper error handling for upload errors
  • Cover image restricted to JPEG/PNG only

4. Bug Fixes

  • Fixed undefined variable $memoireFolder (used before definition)
  • Fixed undefined variable $resume (should be $description)
  • Fixed variable ordering (generate $uniqueId before using it)
  • Added proper __DIR__ prefix for absolute paths

5. Error Handling

  • Try-catch block wraps entire form processing
  • Detailed error logging (not exposed to users)
  • User-friendly error messages
  • Proper exit after redirect
  • No system path exposure in error messages

Nginx Configuration Notes

Since this form is behind nginx password authentication, additional security layers:

Recommended nginx config:

location /formulaire {
    auth_basic "Restricted Access";
    auth_basic_user_file /etc/nginx/.htpasswd;

    # Rate limiting
    limit_req zone=form_limit burst=5 nodelay;

    # File upload size
    client_max_body_size 100M;

    # Timeout settings
    client_body_timeout 60s;

    # Prevent access to sensitive files
    location ~ /\. {
        deny all;
    }

    location ~ /(vendor|composer\.(json|lock)|error\.log)$ {
        deny all;
    }
}

Additional Recommendations

1. Database Migration (In Progress)

Moving to SQLite will provide:

  • Structured data storage
  • Better query capabilities
  • Easier data management
  • Prepared statements for SQL injection prevention

2. File Storage

  • Consider moving uploaded files outside web root
  • Serve files through PHP script with access control
  • Implement file scanning for malware if possible

3. Monitoring

  • Regularly review error.log for suspicious activity
  • Monitor file upload patterns
  • Set up alerts for failed CSRF validations

4. Backup Strategy

  • Regular backups of data/ directory
  • Version control for code changes
  • Test restore procedures

5. PHP Configuration

Ensure these settings in php.ini:

file_uploads = On
upload_max_filesize = 100M
post_max_size = 100M
max_execution_time = 60
max_input_time = 60
memory_limit = 256M

# Security
expose_php = Off
allow_url_fopen = Off
allow_url_include = Off
display_errors = Off
log_errors = On

Testing Checklist

  • Form submission with all fields
  • Form submission with minimal required fields
  • Invalid email format
  • Invalid URL format
  • Invalid year
  • File upload (various formats)
  • Large file upload (>50MB, should fail)
  • Invalid file types
  • Multiple file uploads
  • Cover image upload
  • CSRF token validation (try submitting with wrong token)
  • Path traversal attempt in thanks.php
  • Error handling for missing directories

Known Limitations

  1. No atomic transactions: File operations and YAML save not atomic
  2. No rollback: Failed submissions may leave partial files
  3. Session storage: CSRF tokens in default PHP session (consider database sessions)
  4. No upload progress: Large files have no progress indicator
  5. No duplicate detection: Same submission can be made multiple times

These limitations will be addressed in the SQLite migration.

Reference in New Issue View Git Blame Copy Permalink