fix(security): Resolve 21 SQL injection vulnerabilities and add transactions

Security fixes (v1.2.2):
- Fix SQL injection in analytics.ts (16 occurrences)
- Fix SQL injection in advanced-search.ts (1 occurrence)
- Fix SQL injection in search-queries.ts (1 occurrence)
- Add validateDaysInterval(), isValidISODate(), validatePeriod() to security.ts
- Use make_interval(days => N) for safe PostgreSQL intervals
- Validate UUIDs BEFORE string construction

Transaction support:
- bulk-operations.ts: 6 atomic operations with withTransaction()
- desk-sync.ts: 2 operations with transactions
- export-import.ts: 1 operation with transaction

Rate limiting:
- Add automatic cleanup of expired entries (every 5 minutes)

Audit:
- Archive previous audit docs to docs/audits/2026-01-31-v1.2.1/
- Create new AUDIT-REQUEST.md for v1.2.2 verification

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

This commit is contained in:

Emanuel Almeida

2026-01-31 14:47:41 +00:00

parent 7895f31394

commit 7c83a9e168

14 changed files with 3195 additions and 487 deletions

1196

docs/audits/2026-01-31-v1.2.1/PLANO-MELHORIAS.md Normal file

View File

File diff suppressed because it is too large Load Diff

fix(security): Resolve 21 SQL injection vulnerabilities and add transactions

1196 docs/audits/2026-01-31-v1.2.1/PLANO-MELHORIAS.md Normal file View File

1196

docs/audits/2026-01-31-v1.2.1/PLANO-MELHORIAS.md Normal file

View File