lukas.pupkalipinski/BanGUI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove completed TASK-020 from tasks list

Browse Source 
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Lukas
2026-04-26 14:28:30 +02:00
parent ec253d9b7a
commit 5709785942
1 changed files with 0 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
Docs/Tasks.md
View File

@@ -1,35 +1,3 @@
## TASK-020 — `log_target` accepts arbitrary paths — root file write via fail2ban (CRITICAL)
**Severity:** Critical
### Where found
`backend/app/models/config.py``GlobalConfigUpdate.log_target: str | None`. `backend/app/services/config_service.py``update_global_config()` forwards the value to fail2ban without validation.
### Why this is needed
fail2ban runs as root. When `log_target` is set to a path, fail2ban opens (and if necessary creates) that file for writing. An authenticated user can send `PUT /api/config/global` with `{"log_target": "/etc/cron.d/bangui-pwned"}`, causing fail2ban to create that file as root. With crafted content appended via fail2ban's own logging, this escalates to a root write primitive and potentially to Remote Code Execution.
### Goal
Block all `log_target` values that are not `"STDOUT"`, `"STDERR"`, `"SYSLOG"`, or a path under the configured allowed log directories.
### What to do
1. **Immediate:** Add a strict `@field_validator("log_target")` to `GlobalConfigUpdate` that enforces the allowlist (see TASK-015 — this task and TASK-015 share the same fix).
2. **Defense in depth:** Before sending the command to fail2ban in `update_global_config()`, validate again at the service layer (not just the model layer).
3. Add a regression test: `POST /api/config/global` with `log_target="/etc/passwd"` must return 422.
### Possible traps and issues
- This must be fixed before TASK-015 since it is the more severe variant. The fixes are identical — implement them together.
- Pydantic model validators run before the service receives the value, but an integration test confirming the full request path is essential.
### Docs changes needed
- `Features.md` — document valid log_target values.
- `Backend-Development.md` — critical input validation requirement for config endpoints.
### Doc references
- [Features.md](Features.md) — fail2ban global configuration
- [Backend-Development.md](Backend-Development.md) — input validation
---
## TASK-021 — `set_jail_config_enabled` and `write_jail_config_file` not atomic ## TASK-021 — `set_jail_config_enabled` and `write_jail_config_file` not atomic
**Severity:** Medium **Severity:** Medium