Skip to content

fix: DoS protection, input sanitization, and dependency vulnerability scanning #1#435

Merged
Xhristin3 merged 15 commits intorinafcode:mainfrom
Spagero763:feat/security-dos-input-deps
Apr 28, 2026
Merged

fix: DoS protection, input sanitization, and dependency vulnerability scanning #1#435
Xhristin3 merged 15 commits intorinafcode:mainfrom
Spagero763:feat/security-dos-input-deps

Conversation

@Spagero763
Copy link
Copy Markdown
Contributor

@Spagero763 Spagero763 commented Apr 25, 2026

Summary

  • DoS protection (dos_protection.rs): Introduces a dedicated module with batch-size constants, instruction-budget guards, check_batch_size, check_instruction_budget, check_bridge_out_rate_limit, and a new check_admin_rate_limit to throttle back-to-back bulk admin operations. emergency.rs now enforces these guards on pause_chains and resume_chains.
  • Input sanitization (validation.rs): Fixes the wrong error variant in validate_characters (was InvalidStringLength, now correctly InvalidCharacters). Adds the InvalidCharacters variant to ValidationError, a trim_and_validate helper that strips ASCII whitespace before checking length and character set, and InputSanitizer::sanitize_string as the recommended entry-point for user-supplied string fields.
  • Dependency scanning (ci.yml, dependabot.yml, deny.toml): Adds a security-audit CI job that runs cargo audit and cargo deny on every push/PR. Adds Dependabot configuration for weekly Cargo and GitHub Actions dependency update PRs.

Test plan

  • Confirm cargo audit and cargo deny check pass in the new CI job
  • Verify pause_chains / resume_chains reject calls that exceed MAX_CHAIN_BATCH_SIZE with BatchSizeLimitExceeded
  • Verify pause_chains / resume_chains reject rapid back-to-back admin calls with RetryBackoffActive
  • Verify validate_characters returns InvalidCharacters (not InvalidStringLength) for disallowed bytes
  • Verify trim_and_validate strips leading/trailing whitespace before applying the length cap
  • Confirm Dependabot PRs are opened on the weekly schedule

closes #233
closes #260
closes #276

Copilot AI review requested due to automatic review settings April 25, 2026 20:29
@drips-wave
Copy link
Copy Markdown

drips-wave Bot commented Apr 25, 2026

@Spagero763 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

Copilot AI reviewed Apr 25, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@Spagero763
Copy link
Copy Markdown
Contributor Author

Spagero763 commented Apr 25, 2026

kindly merge @RUKAYAT-CODER i have solved alot of pipeline errors

@Spagero763
Copy link
Copy Markdown
Contributor Author

Spagero763 commented Apr 26, 2026
edited
Loading

@RUKAYAT-CODER kindky merge PR

@drips-wave drips-wave Bot mentioned this pull request Apr 27, 2026
Closed
4 tasks
@Xhristin3 Xhristin3 merged commit 8938617 into rinafcode:main Apr 28, 2026
1 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

3 participants

@Spagero763 @Xhristin3