Sentinel: Hardened timing-safe comparison and added Telegram secret filtering #58
SuvenSeo wants to merge 1 commit into
…t filtering

- Hardened `safeEqual` and `safeEqualText` against length-based timing attacks by hashing inputs with SHA-256 before comparison.
- Added proactive secret leakage protection to the Telegram `handleMessage` to reject messages containing potential credentials or tokens.
- Updated the Sentinel security journal with key learnings from these improvements.
- Verified fixes with the existing test suite (all tests passing).

Co-authored-by: SuvenSeo <263689617+SuvenSeo@users.noreply.github.com>
Pull request overview
This PR hardens secret/token comparisons to avoid length-based timing side-channels and adds Telegram message ingestion filtering to prevent sensitive-looking user content from being processed or persisted.
Changes:
- Updated Node (`safeEqual`) and Edge (`safeEqualText`) equality checks to compare fixed-length SHA-256 digests in constant time.
- Added `hasSensitiveContent` gating in the Telegram `handleMessage` path to refuse processing of messages that look like credentials/secrets.
- Added `.jules/sentinel.md` documenting the vulnerabilities and mitigations.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| frontend/src/proxy.js | Makes safeEqualText async and hashes inputs before constant-time comparison in the proxy/middleware path. |
| frontend/src/lib/middleware/auth.js | Hardens safeEqual by hashing both inputs before timingSafeEqual. |
| frontend/src/lib/handlers/messageHandler.js | Rejects sensitive-looking Telegram messages early and logs a security event. |
| .jules/sentinel.md | Documents the timing-attack and secret-filtering mitigations introduced by this PR. |
||
| // ββ Main Message Handler ββββββββββββββββββββββββββββββββββββββββββββββββββββββ | ||
| export async function handleMessage(chatId, text, messageId) { | ||
| if (hasSensitiveContent(text)) { |
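Review bot: `hasSensitiveContent(text)` is the first statement in `handleMessage`, ahead of any visible check that `text` is a string. If the handler can be reached with a missing `text` (Telegram messages without a text body carry none), the filter has to tolerate `undefined`. Either guard with `typeof text === 'string'` before the call or document that `hasSensitiveContent` accepts non-string input.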
Sentinel: Security Hardening & Secret Filtering
Severity: HIGH (Timing Attack Mitigation) / MEDIUM (Secret Filtering)
Vulnerability
- `safeEqual` and `safeEqualText` utilities were susceptible to length-based timing attacks because they performed an early return if input lengths differed.

Impact
Fix
- `safeEqual` (Node.js) and `safeEqualText` (Edge/SubtleCrypto) to hash both inputs with SHA-256 before constant-time comparison. This ensures fixed-length buffers (32 bytes) are always compared, eliminating length side-channels.
- `hasSensitiveContent` into the Telegram message handler to intercept and refuse processing of messages that look like secrets.

Verification
- `npm test` in the `frontend` directory: All 34 tests passed, including authentication and webhook verification.
- `.jules/sentinel.md` with documented vulnerabilities and preventions.

PR created automatically by Jules for task 17546227515962454379 started by @SuvenSeo
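The hash-then-compare pattern this PR describes for the Node.js path, shown beside the early-return pattern it replaces. This is an added example, not the project's own code: the function bodies, the `digest` helper, the non-string rejection and the sample values are assumptions made for illustration.

```javascript
const { createHash, timingSafeEqual } = require('node:crypto');

// "Before" pattern the PR describes: the early return on a length mismatch
// makes response time depend on whether the guess has the right length.
function safeEqualLengthLeak(a, b) {
  const bufA = Buffer.from(String(a), 'utf8');
  const bufB = Buffer.from(String(b), 'utf8');
  if (bufA.length !== bufB.length) return false; // length side channel
  return timingSafeEqual(bufA, bufB);
}

// SHA-256 maps input of any length to a 32-byte digest.
function digest(value) {
  return createHash('sha256').update(value, 'utf8').digest();
}

// Hardened pattern: timingSafeEqual only ever sees two 32-byte buffers, so no
// length branch is needed and its RangeError for unequal lengths cannot occur.
function safeEqual(a, b) {
  // Assumption of this example: non-string input is rejected outright, so a
  // missing header is never coerced to the text "undefined".
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  return timingSafeEqual(digest(a), digest(b));
}

// Constructed sample values, not real credentials.
const EXPECTED = 'constructed-webhook-secret-0001';
const SAMPLES = ['short', 'constructed-webhook-secret-0002', EXPECTED];

// Compare each candidate with both variants and record the buffer size that
// actually reaches timingSafeEqual in the hardened path.
function runDemo() {
  return SAMPLES.map((candidate) => ({
    candidateBytes: Buffer.byteLength(candidate),
    comparedBytes: digest(candidate).length,
    legacy: safeEqualLengthLeak(candidate, EXPECTED),
    hardened: safeEqual(candidate, EXPECTED),
  }));
}

console.table(runDemo());
```

Hashing time still grows with the size of the caller-supplied value, so cap header or body length before the comparison.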