2.5 KiB
2.5 KiB
Security Audit Report - TFM aInventory
Date: 2026-04-11 Status: Completed & Patched
1. Executive Summary
This audit evaluated the security posture of the TFM aInventory system across Authentication, API Logic, Offline Synchronization, and Infrastructure. Major vulnerabilities like LDAP Injection and session redirect loops were identified and mitigated.
2. Audit Findings & Mitigations
2.1 LDAP Injection (CRITICAL - FIXED)
- Vulnerability: The LDAP login flow interpolated the raw
usernameinto the DN template using.format(), allowing attackers to craft malicious DNs. - Impact: Potential unauthorized access or LDAP server manipulation.
- Mitigation: Implemented
escape_rdn_charsfromldap3.utils.convto sanitize the username before it is injected into the DN template.
2.2 JWT Session Stability (MEDIUM - RESOLVED)
- Vulnerability: In standalone mode, the system generated a new
JWT_SECRET_KEYon every restart if not provided in the environment. - Impact: All active user sessions would be invalidated upon server restart, potentially causing data loss for unsynced offline operations.
- Mitigation: Added documentation in
USER_GUIDE.mdon how to set a persistentJWT_SECRET_KEY. Standardized logout logic to prevent redirect loops when tokens become invalid.
2.3 Container Security (LOW - VERIFIED)
- Review: Both Backend and Frontend Dockerfiles were audited for privilege escalation risks.
- Status: Both use non-root users (
appuserfor backend,nextjsfor frontend). File ownership is properly restricted.
2.4 Audit Log Integrity (LOW - VERIFIED)
- Review: Can logs be deleted by standard users?
- Status: Backend only exposes
GET /operations/logs. There are no routes for deleting or modifying audit logs via the API. Integrity is maintained at the application layer.
2.5 OCR Prompt Injection (LOW - VERIFIED)
- Review: Evaluated if malicious labels could hijack the LLM core.
- Status: Risk is negligible as the LLM output is strictly constrained to a JSON schema used only for pre-filling a form. No code execution or privilege escalation is possible via this vector.
3. Recommended Future Hardening
- Rate Limiting: Currently applied to
/extract-label. Consider applying it to all/users/loginattempts to prevent brute-forcing local accounts. - CORS: Ensure
ALLOWED_ORIGINSindocker-compose.ymlis restricted to the specific production domain in the final environment.