# Logging Audit - 20251123-124317
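== Sensitive Data in Logs ==
Note: entries are keyword matches and need manual triage. Some are not log calls at all (auth-service/main_test.go:205 builds a test request; auth-service/main.go:346 registers a route), and several print only an error value or a row count, so whether a token or secret actually reaches the log has to be confirmed in the code.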
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:2015: log.Printf("Admin %d added token %s (%s) on network %d", userID, req.TokenSymbol, req.ContractAddress, req.NetworkID)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:205: req := httptest.NewRequest("POST", "/login-email-password", bytes.NewReader(body))
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:129: log.Printf("SECURITY: IP/email %s locked out after %d failed attempts", key, info.count)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:346: http.HandleFunc("/login-email-password", handleLoginEmailPassword)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:424: log.Println("WARNING: JWT_SECRET is less than 64 characters. Consider using a longer secret for production.")
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:863: log.Printf("SECURITY: Failed login attempt for email %s from IP %s (wrong password)", req.Email, clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:875: log.Printf("Error generating token pair: %v", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:939: log.Printf("Error generating token pair: %v", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:973: log.Printf("SECURITY: Invalid refresh token attempt from IP %s: %v", clientIP, err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:980: log.Printf("Warning: Failed to revoke old refresh token: %v", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:986: log.Printf("Error generating token pair during refresh: %v", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1021: log.Printf("SECURITY: Logout with invalid token from IP %s", clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1029: log.Printf("Error revoking refresh token: %v", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1052: log.Printf("Error revoking all refresh tokens for user %d: %v", userID, err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1398: log.Printf("SECURITY: CSRF token missing for user %d from IP %s on %s %s",
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1406: log.Printf("SECURITY: Invalid CSRF token for user %d from IP %s on %s %s",
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1496: log.Printf("AUDIT: Refresh token created for user_id %d from IP %s, expires %s",
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1553: log.Printf("AUDIT: Revoked %d refresh tokens for user_id %d", rowsAffected, userID)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1603: log.Printf("Error querying CSRF tokens: %v", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1627: log.Printf("Error cleaning up expired CSRF tokens: %v", err)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1632: log.Printf("Cleaned up %d expired CSRF tokens", rowsAffected)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1662: log.Printf("Warning: failed to store CSRF token: %v", err)
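== PII in Logs ==
Note: entries are keyword matches and need manual triage; auth-service/main_test.go:205, auth-service/main.go:45 (a comment) and auth-service/main.go:346 are not log calls. The remaining entries write an IP/email key, or the submitted email or wallet address together with the client IP, using %s; if those values are not validated before logging, consider hashing or truncating them and quoting with %q so embedded newlines cannot forge log lines.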
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:205: req := httptest.NewRequest("POST", "/login-email-password", bytes.NewReader(body))
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:45:// rateLimiter tracks login attempts per IP/email
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:129: log.Printf("SECURITY: IP/email %s locked out after %d failed attempts", key, info.count)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:346: http.HandleFunc("/login-email-password", handleLoginEmailPassword)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:852: log.Printf("SECURITY: Failed login attempt for email %s from IP %s (user not found)", req.Email, clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:863: log.Printf("SECURITY: Failed login attempt for email %s from IP %s (wrong password)", req.Email, clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:909: log.Printf("SECURITY: Failed blockchain login for address %s from IP %s (invalid signature)", req.Address, clientIP)
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:924: log.Printf("SECURITY: Failed blockchain login for address %s from IP %s (not registered)", req.Address, clientIP)
== Structured Logging ==
237 unstructured log calls found (consider structured logging)