
Conversation

@github-actions (Contributor)

This is an automated pull request to merge daniel/bun-stop-the-force into dev.
It was created by the [Auto Pull Request] action.

vercel bot commented Nov 20, 2025

The latest updates on your projects.

| Project | Deployment | Preview | Comments | Updated (UTC) |
|---|---|---|---|---|
| app | Ready | Preview | Comment | Nov 20, 2025 5:42pm |
| portal | Ready | Preview | Comment | Nov 20, 2025 5:42pm |

comp-ai-code-review bot commented Nov 20, 2025

🔒 Comp AI - Security Review

🔴 Risk Level: HIGH

OSV results: xlsx@0.18.5 GHSA-4r6h-8v6p-xvw6 (Prototype Pollution, HIGH); xlsx@0.18.5 GHSA-5pgg-2g8v-p4x9 (ReDoS, HIGH); ai@5.0.0 GHSA-rwvc-j5jr-mgvh (filetype whitelist bypass, LOW, fixed in 5.0.52).

📦 Dependency Vulnerabilities

🟠 NPM Packages (HIGH)

Risk Score: 8/10 | Summary: 2 high, 1 low CVEs found

| Package | Version | CVE | Severity | CVSS | Summary | Fixed In |
|---|---|---|---|---|---|---|
| xlsx | 0.18.5 | GHSA-4r6h-8v6p-xvw6 | HIGH | N/A | Prototype Pollution in sheetJS | No fix yet |
| xlsx | 0.18.5 | GHSA-5pgg-2g8v-p4x9 | HIGH | N/A | SheetJS Regular Expression Denial of Service (ReDoS) | No fix yet |
| ai | 5.0.0 | GHSA-rwvc-j5jr-mgvh | LOW | N/A | Vercel’s AI SDK's filetype whitelists can be bypassed when uploading files | 5.0.52 |

🛡️ Code Security Analysis


🔴 apps/api/buildspec.yml (HIGH Risk)

| # | Issue | Risk Level |
|---|---|---|
| 1 | Remote install via curl \| bash (bun.sh) allows arbitrary code execution (RCE) | |
| 2 | Unquoted env vars in shell commands allow command injection via malicious env | HIGH |
| 3 | CI build prints env and file listings, risking secret leakage in logs | HIGH |
| 4 | Executing project build (bun run build) runs repo code in CI (supply-chain risk) | HIGH |
| 5 | Copying node_modules and Prisma binaries into image may include vulnerable deps | HIGH |

Recommendations:

  1. Replace curl | bash install with a verified installer: download a specific bun release artifact, verify checksum/signature, or install via a package manager. Avoid piping remote scripts directly to a shell.
  2. Quote all variable expansions in shell commands (e.g. "$ECR_REPOSITORY_URI" "$IMAGE_TAG") and validate/whitelist values. Treat CI environment variables as untrusted input when coming from external or forked builds.
  3. Remove or redact sensitive prints (do not echo full env vars, do not list directories containing secrets). Use logging that masks secrets and enable log redaction in the CI provider for secret variables.
  4. Limit execution of repository scripts in CI: run builds in ephemeral least-privileged runners, restrict which environment variables are available to PRs from forks, and run package installs/build steps with reduced privileges or in sandboxes. Consider running dependency installation and build in a reproducible builder image rather than executing arbitrary repo scripts directly.
  5. Do not copy host node_modules or binaries directly into build context unless necessary. Build/install dependencies inside the image or perform a clean, reproducible install step; scan images and dependency trees (Trivy, Snyk, OSS-Fuzz, etc.) before pushing to registry. Generate and publish an SBOM for the image.

🔴 apps/api/src/attachments/attachments.service.ts (HIGH Risk)

| # | Issue | Risk Level |
|---|---|---|
| 1 | Missing authorization checks on attachment operations | HIGH |
| 2 | No MIME/type validation allows content-type spoofing | HIGH |
| 3 | No malware/virus scanning of uploaded files | HIGH |
| 4 | S3 metadata may leak internal IDs or PII via headers | HIGH |
| 5 | Errors logged may expose sensitive details or object keys | HIGH |
| 6 | Deletes S3 object before DB removal, causing inconsistency | HIGH |
| 7 | Generating signed URLs for all attachments risks DoS | HIGH |
| 8 | Base64 decoded into Buffer before size enforcement can OOM | HIGH |
| 9 | No rate limiting on endpoints that generate signed URLs | HIGH |
| 10 | Weak input validation for organization/entity identifiers | HIGH |

Recommendations:

  1. Enforce per-request authorization checks (validate caller's access to organizationId/entityId and attachment operations). Implement RBAC/ACL checks at controller or middleware level.
  2. Apply a server-side whitelist of allowed MIME types and file extensions. Verify both the declared Content-Type and inspect file signatures (magic bytes) for high-risk types.
  3. Integrate malware scanning (e.g., ClamAV, commercial scanning service, or sandboxing) before persisting uploads to S3 or marking DB records as active.
  4. Avoid putting sensitive identifiers or PII into S3 object metadata. If metadata is required, redact/encrypt sensitive fields or store them only in the database.
  5. Sanitize or redact sensitive values in logs (object keys, full stack traces, credentials). Use structured logging and a sensitive-data filter.
  6. Make deletion operations atomic or resilient: delete DB record first (soft-delete) then remove S3 object asynchronously, or implement compensating actions and retry on DB delete failure to avoid orphaned DB records or missing objects.
  7. Limit the number of attachments returned or generate signed URLs lazily. Use pagination and cap parallel signed URL generation to avoid large fan-outs (e.g., map with concurrency limit).
  8. Avoid decoding the full base64 payload into memory before checking size. Check base64 string length to estimate size and/or stream decode to enforce limits and reduce OOM risk.
  9. Implement rate limiting and quotas for endpoints that generate signed URLs or download files to prevent abuse and DoS.
  10. Sanitize and validate organizationId, entityId, entityType, and attachmentId before using them in S3 keys or metadata. Enforce format/charset restrictions and length limits.

🔴 apps/app/src/lib/api-client.ts (HIGH Risk)

| # | Issue | Risk Level |
|---|---|---|
| 1 | Allows requests to arbitrary absolute URLs; sends cookies and Authorization | HIGH |
| 2 | Client-supplied X-Organization-Id header can enable auth bypass if trusted | HIGH |
| 3 | Merges customHeaders directly, allowing overriding Authorization or other headers | HIGH |
| 4 | Console logs may leak sensitive error info (avoid logging raw error objects) | HIGH |

Recommendations:

  1. Disallow or validate absolute endpoints before performing fetch. If absolute URLs are accepted, enforce a server/host allowlist and/or require same-origin. Example: if endpoint is absolute, verify its origin matches env.NEXT_PUBLIC_API_URL or is on an allowlist before calling fetch.
  2. Only send credentials and Authorization to same-origin or verified allowed hosts. Determine the request origin (new URL(url).origin) and only include credentials: 'include' and Authorization when origin === this.baseUrl origin (or in an allowlist). For cross-origin requests, do not attach the site's JWT or include credentials.
  3. Do not rely on client-supplied X-Organization-Id for authorization on the server. Server-side must validate that the JWT's organization claims permit the requested org context. Consider dropping X-Organization-Id entirely from client trust or require it only for benign operations and always verify on the server.
  4. Restrict customHeaders to a safe allowlist. Filter/strip header names that could affect auth or sensitive behavior (e.g., Authorization, Cookie, Set-Cookie, Proxy-Authorization, Host). Set Authorization and other sensitive headers after merging and/or override any client-provided values with server-controlled values.
  5. Avoid logging raw error objects or token-related failures. Sanitize or redact sensitive fields before logging. Use structured logs that omit tokens, full stack traces, or other secrets. Prefer logging minimal context (error code, user-visible message) and capture full details only in safe internal monitoring with access controls.

💡 Recommendations

  1. Upgrade xlsx (current 0.18.5) to a patched release that addresses GHSA-4r6h-8v6p-xvw6 and GHSA-5pgg-2g8v-p4x9; update your lockfile and run unit/integration tests that exercise Excel parsing paths.
  2. Upgrade ai from 5.0.0 to >= 5.0.52 (scan indicates fix in 5.0.52); update lockfile and verify behavior of any file-upload or filetype-checking code that relies on this package.
  3. Add code-side input validation at library call sites: validate MIME/magic bytes for files before handing them to xlsx/ai, reject or sanitize untrusted regex inputs, and limit/whitelist inputs that could trigger ReDoS or prototype pollution in parsing routines.

Powered by Comp AI - AI that handles compliance for you. Reviewed Nov 20, 2025
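The review's recommendations 8 and 10 for attachments.service.ts, as an added example that is not the project's code: the decoded size is computed from the base64 string length before any Buffer is allocated, and identifiers are constrained before they reach an S3 key. MAX_ATTACHMENT_BYTES, the identifier format and buildObjectKey are assumptions for the illustration.

```typescript
// Added example, not the project's code: pre-decode size enforcement
// (recommendation 8) and identifier validation (recommendation 10) for
// attachments.service.ts. MAX_ATTACHMENT_BYTES and the id format are assumed.

const MAX_ATTACHMENT_BYTES = 10 * 1024 * 1024; // assumed limit
const BASE64_RE = /^[A-Za-z0-9+/]*={0,2}$/;    // linear-time, no nested quantifiers

// Decoded size from the string length alone: every 4 characters encode 3 bytes,
// minus one byte per trailing '=' pad. No Buffer is allocated here.
function estimateBase64Size(data: string): number {
  if (data.length % 4 !== 0 || !BASE64_RE.test(data)) {
    throw new Error("Malformed base64 payload");
  }
  let padding = 0;
  if (data.slice(-2) === "==") padding = 2;
  else if (data.slice(-1) === "=") padding = 1;
  return (data.length / 4) * 3 - padding;
}

// Reject oversized payloads before Buffer.from ever runs.
function decodeWithinLimit(data: string, maxBytes: number = MAX_ATTACHMENT_BYTES): Buffer {
  const size = estimateBase64Size(data);
  if (size > maxBytes) {
    throw new Error("Attachment of " + size + " bytes exceeds limit of " + maxBytes);
  }
  return Buffer.from(data, "base64");
}

// Identifiers that end up in S3 keys or metadata: fixed charset and length so
// they cannot carry path separators, wildcards or header-breaking characters.
const ID_RE = /^[A-Za-z0-9_-]{1,64}$/;
function validateIdentifier(label: string, value: string): string {
  if (!ID_RE.test(value)) throw new Error("Invalid " + label);
  return value;
}

// Hypothetical key builder: every segment is validated before being joined.
function buildObjectKey(organizationId: string, entityType: string,
                        entityId: string, attachmentId: string): string {
  return [
    validateIdentifier("organizationId", organizationId),
    validateIdentifier("entityType", entityType),
    validateIdentifier("entityId", entityId),
    validateIdentifier("attachmentId", attachmentId),
  ].join("/");
}
```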
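The review's recommendations 1, 2 and 4 for api-client.ts, as an added example that is not the project's code: endpoints are resolved against the API base and checked against an origin allowlist, caller-supplied headers that could affect authentication are stripped, and the JWT and cookies are attached only for the API's own origin. The names allowedOrigins, token, customHeaders and prepareRequest are assumptions for the illustration.

```typescript
// Added example, not the project's code: request preparation that applies the
// review's recommendations 1, 2 and 4 for api-client.ts. The parameter names
// (allowedOrigins, token, customHeaders) are assumed.

// Header names a caller must never be able to inject or override (rec. 4).
const FORBIDDEN_HEADERS = ["authorization", "cookie", "set-cookie", "proxy-authorization", "host"];

// Resolve an endpoint against the API base and refuse any origin outside the
// allowlist (rec. 1). Relative endpoints always resolve to baseUrl.
function resolveEndpoint(endpoint: string, baseUrl: string, allowedOrigins: string[]): URL {
  const url = new URL(endpoint, baseUrl);
  const trusted = [baseUrl].concat(allowedOrigins).map(function (o) { return new URL(o).origin; });
  if (trusted.indexOf(url.origin) === -1) {
    throw new Error("Refusing request to non-allowlisted origin " + url.origin);
  }
  return url;
}

// Drop caller-supplied headers that could alter authentication (rec. 4).
function filterHeaders(customHeaders: Record<string, string>): Record<string, string> {
  const safe: Record<string, string> = {};
  for (const name of Object.keys(customHeaders)) {
    if (FORBIDDEN_HEADERS.indexOf(name.toLowerCase()) === -1) safe[name] = customHeaders[name];
  }
  return safe;
}

interface SafeInit { headers: Record<string, string>; credentials: "include" | "omit"; }

// Attach the JWT and cookies only when the target is the API's own origin;
// allowlisted cross-origin hosts get neither (rec. 2). Authorization is set
// after the merge so a custom header can never override it.
function buildRequestInit(url: URL, baseUrl: string, token: string | undefined,
                          customHeaders: Record<string, string>): SafeInit {
  const headers = filterHeaders(customHeaders);
  const sameOrigin = url.origin === new URL(baseUrl).origin;
  if (sameOrigin && token) headers["Authorization"] = "Bearer " + token;
  return { headers: headers, credentials: sameOrigin ? "include" : "omit" };
}

// Hypothetical entry point: returns what fetch() would be called with.
function prepareRequest(endpoint: string, baseUrl: string, allowedOrigins: string[],
                        token: string | undefined, customHeaders: Record<string, string>) {
  const url = resolveEndpoint(endpoint, baseUrl, allowedOrigins);
  return { url: url.toString(), init: buildRequestInit(url, baseUrl, token, customHeaders) };
}
```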
