Logflare / logflare / 14a214d0cacbfbddf8a9baadd5e07ffbe6cf91d6
80%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 474
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 79.194% (+0.05%) from 79.146%
14a214d0cacbfbddf8a9baadd5e07ffbe6cf91d6

push

github

web-flow 
Fix authentication bypass in node shutdown endpoint (#3422)

* Fix authentication bypass in node shutdown endpoint

- Fail closed: deny the request when LOGFLARE_NODE_SHUTDOWN_CODE is
  unset or empty (previously nil == nil allowed unauthenticated shutdown)
- Read the shutdown code from the X-Logflare-Shutdown-Code request
  header instead of a query parameter to prevent secret leakage in
  access logs and browser history
- Use Plug.Crypto.secure_compare/2 for constant-time comparison to
  prevent timing attacks
- Add tests covering each bypass scenario

https://claude.ai/code/session_01FTArwTBUZpCbanBxaViw8i

* Refactor shutdown auth: extract header arg, rename header

- valid_shutdown_code?/1 now takes the provided value directly rather
  than the conn, making it easier to unit test in isolation
- Rename header from x-logflare-shutdown-code to lf-shutdown-code

Closes PRODSEC-44

https://claude.ai/code/session_01FTArwTBUZpCbanBxaViw8i

* Centralise shutdown code env cleanup in test file setup

Save and restore the pre-existing :node_shutdown_code value in a
file-level setup/on_exit so individual tests don't each manage teardown.
Clear the key before each test so the unconfigured case is the default.

https://claude.ai/code/session_01FTArwTBUZpCbanBxaViw8i

* Use in guard for nil/empty provided code check

https://claude.ai/code/session_01FTArwTBUZpCbanBxaViw8i

* Use is_non_empty_binary guard in valid_shutdown_code?/1

Cleaner clause-based dispatch replaces the case tuple pattern match.

https://claude.ai/code/session_01FTArwTBUZpCbanBxaViw8i

* Update test/logflare_web/controllers/admin_controller_test.exs

Co-authored-by: Adam Mokan <amokan@gmail.com>

* Add happy-path shutdown test with Mimic expect

https://claude.ai/code/session_01FTArwTBUZpCbanBxaViw8i

* Let Mimic expectation be the sole assertion in shutdown success test

https://claude.ai/code/session_01FTArwTBUZpCbanBxaViw8i

* Assert log and 200 response in shutdown success test

Log "Nod... (continued)

7 of 8 new or added lines in 1 file covered. (87.5%)

3 existing lines in 3 files now uncovered.

12279 of 15505 relevant lines covered (79.19%)

4835.91 hits per line

Uncovered Changes

Lines Coverage File
1
54.72
 22.11% lib/logflare_web/controllers/admin_controller.ex

Coverage Regressions

Lines Coverage File
1
30.77
 -3.85% lib/logflare/sources/source/text_notification_server.ex
1
54.72
 22.11% lib/logflare_web/controllers/admin_controller.ex
1
53.25
 -1.3% lib/telemetry.ex
Jobs
ID Job ID Ran Files Coverage
1 14a214d0cacbfbddf8a9baadd5e07ffbe6cf91d6.1 474
79.19
 GitHub Action Run
Source Files on build 14a214d0cacbfbddf8a9baadd5e07ffbe6cf91d6