
# Sensitive Data Handling - 20251123-124312
== Password storage columns ==
/home/administrator/projects/coppertone.tech/backend/migrations/005_schema_separation.up.sql:124:-- "user=%s password=%s dbname=%s host=%s sslmode=%s search_path=%s",
/home/administrator/projects/coppertone.tech/backend/migrations/005_schema_separation.up.sql:125:-- user, password, name, host, sslMode, schema
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:14:CREATE TYPE identity_type AS ENUM ('email_password', 'blockchain_address', 'did');
== bcrypt/hash usage (password hashing) ==
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:344: http.HandleFunc("/crypto/confirm", authMiddleware(confirmCryptoPayment)) // POST - confirm with tx hash
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:739: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:748: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:758: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:847: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:906: blockchain_tx_hash = $10, ipfs_document_cid = $11, notes = $12
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1010: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1019: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1044: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1054: p.blockchain_tx_hash, p.blockchain_network, p.payment_processor, p.processor_fee,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1118: transaction_id, blockchain_tx_hash, blockchain_network,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1143: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1738:// confirmCryptoPayment records a transaction hash for verification.
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1754: http.Error(w, "Transaction hash is required", http.StatusBadRequest)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1758: // Validate tx hash format (basic check)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1760: http.Error(w, "Invalid transaction hash format", http.StatusBadRequest)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1795: // Update crypto details with tx hash
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1798: SET tx_hash = $1, from_address = $2
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1799: WHERE payment_id = $3 AND tx_hash IS NULL
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1809: http.Error(w, "Payment already has a transaction hash", http.StatusConflict)
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1859: p.blockchain_tx_hash, p.blockchain_network, p.created_at, p.updated_at, i.client_id
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:1896: SELECT cd.tx_hash, cd.from_address, cd.to_address, cd.amount_crypto,
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2760: payment_status, network_id, token_id, tx_hash, fee_amount, net_amount,
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:419: // Test hashing
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:420: hashed, err := hashPassword(password)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:422: t.Fatalf("hashPassword() error = %v", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:425: if hashed == "" {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:426: t.Error("hashPassword() returned empty string")
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:429: if hashed == password {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:430: t.Error("hashPassword() did not hash the password")
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:434: if !checkPasswordHash(password, hashed) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:439: if checkPasswordHash("wrongPassword", hashed) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:26: "golang.org/x/crypto/bcrypt"
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:171: maxPasswordLength = 72 // bcrypt limit
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:632: passwordHash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:634: http.Error(w, "Failed to hash password", http.StatusInternalServerError)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:861: if err := bcrypt.CompareHashAndPassword([]byte(passwordHash), []byte(req.Password)); err != nil {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1101: passwordHash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1103: http.Error(w, "Failed to hash password", http.StatusInternalServerError)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1479: // Hash the token before storing (we only store the hash)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1480: tokenHash, err := bcrypt.GenerateFromPassword([]byte(token), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1482: return "", fmt.Errorf("failed to hash refresh token: %w", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1487: // Store hashed token in database
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1489: INSERT INTO refresh_tokens (user_id, token_hash, expires_at, client_ip, created_at)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1506: SELECT id, user_id, token_hash
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1522: // Compare token with hash
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1523: if bcrypt.CompareHashAndPassword([]byte(tokenHash), []byte(token)) == nil {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1571: tokenHash, err := bcrypt.GenerateFromPassword([]byte(csrfToken), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1573: return fmt.Errorf("failed to hash CSRF token: %w", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1578: // Store hashed token in database
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1580: INSERT INTO csrf_tokens (user_id, token_hash, expires_at, client_ip, created_at)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1598: SELECT token_hash
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1614: // Compare token with hash
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1615: if bcrypt.CompareHashAndPassword([]byte(tokenHash), []byte(token)) == nil {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1752:func hashPassword(password string) (string, error) {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1753: hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1757: return string(hash), nil
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1760:func checkPasswordHash(password, hash string) bool {
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1761: return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil
== Encryption columns ==
No encryption found
== PII columns (email, phone, address, ssn) ==
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:20: explorer_address_path VARCHAR(100), -- Path for address lookup
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:34: contract_address VARCHAR(100) NOT NULL,
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:65: UNIQUE(network_id, contract_address)
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:68:-- Payment wallets (company receiving addresses)
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:73: address VARCHAR(100) NOT NULL,
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:74: address_type VARCHAR(20) DEFAULT 'hot', -- 'hot', 'cold', 'multisig'
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:78: address_index INTEGER,
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:95: UNIQUE(network_id, address)
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:179: from_address VARCHAR(100),
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:180: to_address VARCHAR(100) NOT NULL,
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:226: ip_address VARCHAR(45),
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:299: donor_email VARCHAR(255), -- For receipt
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:448:CREATE INDEX IF NOT EXISTS idx_payment_tokens_contract ON payment_tokens(contract_address);
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:569:INSERT INTO payment_tokens (network_id, contract_address, token_symbol, token_name, decimals, is_verified, is_stablecoin, coingecko_id)
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:572: t.contract_address,
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:586:) AS t(contract_address, token_symbol, token_name, decimals, is_stablecoin, coingecko_id)
/home/administrator/projects/coppertone.tech/backend/migrations/010_enhanced_payments.up.sql:588:ON CONFLICT (network_id, contract_address) DO NOTHING;
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:5: email VARCHAR(255) UNIQUE, -- Nullable for blockchain-only users
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:10:-- Create index on email for faster lookups
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:11:CREATE INDEX idx_users_email ON users(email) WHERE email IS NOT NULL;
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:14:CREATE TYPE identity_type AS ENUM ('email_password', 'blockchain_address', 'did');
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:21: identifier VARCHAR(500) NOT NULL, -- Email, blockchain address, or DID
/home/administrator/projects/coppertone.tech/backend/migrations/009_messenger.up.sql:155: multiaddrs TEXT[], -- Known multiaddresses
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:73: user_email VARCHAR(255), -- Denormalized for when user is deleted
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:77: ip_address INET,
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:198: req.email AS requester_email,
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:201: cli.email AS client_email,