decentraland / comms-gatekeeper / 28616085146
85%

Build:
DEFAULT BRANCH: main
Ran 02 Jul 2026 07:28PM UTC
Jobs 1
Files 151
Run time 1min
02 Jul 2026 07:26PM UTC coverage: 85.372% (+0.03%) from 85.347%
Build 28616085146 · push · github · web-flow
fix: address security audit findings (access control, disclosure, hardening) (#276)

* fix: address security audit findings across access control and hardening

Resolves the findings from a full-codebase security review.

Access control (HIGH):
- Bind LiveKit streaming-key issuance and scene-ban checks to the sceneId that
  forms the room, not a separately-supplied parcel. Previously the admin/ban
  check ran against a place resolved from an unvalidated parcel while the
  room/key was derived from sceneId, allowing cross-scene stream injection and
  a scene-ban bypass via mismatched parcel/sceneId.
- generate-stream-link resolves a world-name-as-sceneId to the real content
  hash so the room and place stay consistent (mirrors comms-scene-handler).
- Require signed-fetch auth on /cast/watcher-token and enforce scene bans on the
  viewer, so a banned user can't rejoin a scene's comms room as a watcher.

Disclosure & secrets (MEDIUM):
- /users/:address/bans (unauthenticated) now returns only user-facing fields
  (isBanned, expiresAt, customMessage), not moderator identity, device id, or
  reason.
- Stop logging the ingress streamKey / ingest URL.
- Remove the committed COMMS_GATEKEEPER_AUTH_TOKEN default from .env.default so
  requireString fails fast; tests get a fixture value via jest setup.
- Add encodeURIComponent to user-influenced URL segments in places/worlds/social.

Robustness & hardening (LOW):
- Close a duplicate-active-ban race with a transaction-scoped advisory lock.
- Add a non-unique partial index on scene_stream_access(ingress_id) (dropped
  with the old unique constraint); guard streaming writes against empty ingress_id.
- Lowercase address in the private voice-chat status lookup.
- Dedup + ON CONFLICT in createVoiceChatRoom; bound bulk community_ids (maxItems).
- Overlap guard on the streaming-key TTL cron; deactivate empty-ingress expired
  rows by place in the streaming TTL cron.
- Protect land-lease holders from scene bans; return 40... (continued)

1121 of 1436 branches covered (78.06%)

Branch coverage included in aggregate %.

85 of 94 new or added lines in 21 files covered. (90.43%)

4 existing lines in 1 file now uncovered.

3081 of 3486 relevant lines covered (88.38%)

75.03 hits per line

Uncovered Changes

Lines  Coverage  ∆         File
4      81.48     -12.96%   src/controllers/handlers/cast/generate-stream-link-handler.ts
2      81.03     -3.41%    src/adapters/streaming-key-ttl-checker.ts
1      20.69     -0.24%    src/adapters/scene-stream-access-manager.ts
1      91.38     2.02%     src/adapters/streaming-ttl-checker.ts
1      75.0                src/migrations/1782483863000_add-ingress-id-index.ts

Coverage Regressions

Lines  Coverage  ∆         File
4      20.69     -0.24%    src/adapters/scene-stream-access-manager.ts
Jobs

ID  Job ID          Ran                        Files  Coverage
1   28616085146.1   02 Jul 2026 07:28PM UTC    302    86.58
GitHub Action Run

Source Files on build 28616085146: 151 listed, 100 changed, 22 source changed, 100 coverage changed
Github Actions Build #28616085146 · commit defb3ad8 on github · Prev Build on main (#28373235419)