38586deff13545d909b6749ec11cbebfd9f0fbd3
All checks were successful
CD Pipeline / deploy (push) Successful in 1m19s
Issues fixed:

1. [CRITICAL] /api/alert/fix unauthenticated (CWE-306)
   POST /api/alert/fix had no @check_alert_auth and was CSRF-exempt. Any unauthenticated caller could trigger docker restart or docker exec on arbitrary container names (container_name is validated by is_valid_container_name but restart of any valid name is still a DoS vector).
   Fix: @check_alert_auth added.

2. [HIGH] Hardcoded ALERT_WEBHOOK_PASSWORD fallback (CWE-798)
   Default 'wooo_alert_2026' exposed in source.
   Fix: default='', startup warning if unset. check_alert_auth now fail-secure: returns 503 if password not configured.

3. [MEDIUM] /api/alert/history and /api/alert/analyze unauthenticated
   Both endpoints expose container names, memory usage, CPU stats, system recommendations.
   Fix: @check_alert_auth added to both.

4. [MEDIUM] issue_type unvalidated in manual_fix (CWE-20)
   Any string value could be passed through to auto_fix_container.
   Fix: ALLOWED_ISSUE_TYPES frozenset — only memory/cpu variants allowed.

5. [LOW] limit parameter unbounded in get_alert_history
   Arbitrarily large limit → large list slice → memory pressure.
   Fix: clamped to [1, 200].

NOTE: L177 docker stats command (original report) is SAFE as-is — list argv, fixed arguments, no user input. nosec B603 correctly placed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
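The three hardening patterns the commit message describes (a fail-secure shared-secret check that refuses to run when no password is configured, an allow-list for issue_type, and a clamped limit), written out as an added, framework-free illustration that is not the repository's code. The function names mirror those in the message, but the exact members of ALLOWED_ISSUE_TYPES, the default limit of 50 and the header carrying the secret are assumptions; in the Flask app this logic would sit inside the @check_alert_auth decorator before the view runs.

```python
import hmac
import logging
from typing import Mapping, Optional

log = logging.getLogger("alert")

# Assumption: the message only says "memory/cpu variants"; these four are illustrative.
ALLOWED_ISSUE_TYPES = frozenset({"memory", "memory_high", "cpu", "cpu_high"})
LIMIT_MIN, LIMIT_MAX, LIMIT_DEFAULT = 1, 200, 50


def webhook_password_before(env: Mapping[str, str]) -> str:
    """The CWE-798 shape the commit removed: a secret baked into source as a fallback."""
    return env.get("ALERT_WEBHOOK_PASSWORD", "wooo_alert_2026")


def webhook_password_after(env: Mapping[str, str]) -> str:
    """Hardened: empty default, warn at startup, and let check_alert_auth refuse service."""
    secret = env.get("ALERT_WEBHOOK_PASSWORD", "")
    if not secret:
        log.warning("ALERT_WEBHOOK_PASSWORD is not set; alert endpoints will answer 503")
    return secret


def check_alert_auth(provided: Optional[str], configured: Optional[str]) -> int:
    """HTTP status to return before touching Docker: 503 when unconfigured (fail-secure),
    401 when the caller's secret is missing or wrong, 200 when it matches."""
    if not configured:
        return 503
    if provided is None:
        return 401
    # Constant-time compare so a wrong secret is not leaked by timing.
    if not hmac.compare_digest(provided.encode(), configured.encode()):
        return 401
    return 200


def validate_issue_type(issue_type: object) -> bool:
    """Only allow-listed strings may reach auto_fix_container (CWE-20 fix)."""
    return isinstance(issue_type, str) and issue_type in ALLOWED_ISSUE_TYPES


def clamp_limit(raw: object, default: int = LIMIT_DEFAULT) -> int:
    """Bound the history page size to [1, 200]; non-integers fall back to the default."""
    try:
        value = int(raw)  # type: ignore[arg-type]
    except (TypeError, ValueError):
        return default
    return max(LIMIT_MIN, min(LIMIT_MAX, value))
```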
Description
EwoooC — product dashboard + sales reports + AI KM (Flask + pgvector, Docker Compose on 188)
Languages: PostScript 59.7%, Python 30.9%, HTML 4.2%, CSS 2.1%, JavaScript 1.9%, Other 1.1%