Pulse/internal
rcourtman 1bf9cfea88 Fix critical P0 security and crash issues in API/WebSocket layer
This commit addresses 5 critical P0 bugs that cause security vulnerabilities, crashes, and data corruption:

**P0-1: Recovery Tokens Replay Attack Vulnerability** (recovery_tokens.go:153-159)
- **SECURITY CRITICAL**: Single-use recovery tokens could be replayed
- **Problem**: Lock upgrade race - two concurrent requests both pass initial Used check
  1. Both acquire RLock, see token.Used = false
  2. Both release RLock
  3. Both acquire Lock and mark token.Used = true
  4. Both return true - TOKEN REUSED
- **Impact**: Attacker with intercepted token can use it multiple times
- **Fix**: Re-check token.Used after acquiring write lock (TOCTOU prevention)

**P0-2: WebSocket Hub Concurrent Map Panic** (hub.go:345-347, 376-378)
- **Problem**: Initial state goroutine reads h.clients map without lock
  - Line 345: `if _, ok := h.clients[client]` (NO LOCK)
  - Main loop writes to h.clients with lock (line 326, 394)
- **Impact**: "fatal error: concurrent map read and write" crashes hub
- **Fix**: Acquire RLock before all client map reads in goroutine

**P0-3: WebSocket Send on Closed Channel Panic** (hub.go:348, 380)
- **Problem**: Check client exists, then send - channel can close between
- **Impact**: "send on closed channel" panic crashes hub
- **Fix**: Hold RLock during both check and send (defensive select already present)

**P0-4: CSRF Store Shutdown Data Corruption** (csrf_store.go:189-196)
- **Problem**: Stop() calls save() after signaling worker. Both hold only RLock
  - Worker's final save writes to csrf_tokens.json.tmp
  - Stop()'s save writes to same file concurrently
- **Impact**: Corrupted/truncated csrf_tokens.json on shutdown
- **Fix**: Added saveMu mutex to serialize all disk writes

**P0-5: CSRF Store Deadlock on Double-Stop** (csrf_store.go:103-108)
- **Problem**: stopChan unbuffered, no sync.Once guard, uses send not close
- **Impact**: Second Stop() call blocks forever waiting for receiver
- **Fix**:
  - Added sync.Once field stopOnce
  - Changed to close(stopChan) within stopOnce.Do()
  - Prevents double-close panic and deadlock

All fixes maintain backwards compatibility. The recovery token fix is particularly critical as it closes a security vulnerability allowing replay attacks on password reset flows.
2025-11-07 10:13:15 +00:00
..
alerts Fix critical alert system concurrency and memory leak issues 2025-11-07 09:12:28 +00:00
api Fix critical P0 security and crash issues in API/WebSocket layer 2025-11-07 10:13:15 +00:00
auth Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
config Fix P1: Config Persistence transaction field synchronization 2025-11-07 10:00:31 +00:00
crypto Harden setup token flow and enforce encrypted persistence 2025-10-25 16:00:37 +00:00
discovery Fix P1/P2 infrastructure issues: panic recovery and optimizations 2025-11-07 09:55:22 +00:00
dockeragent Fix critical version embedding issues for 4.26 release 2025-11-06 11:42:52 +00:00
errors Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
hostagent Normalize docker agent version handling 2025-10-28 08:42:58 +00:00
hostmetrics Normalize docker agent version handling 2025-10-28 08:42:58 +00:00
logging feat: comprehensive diagnostics and observability improvements 2025-10-21 12:37:39 +00:00
metrics Add comprehensive alert system reliability improvements 2025-11-06 16:46:30 +00:00
mock Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
models Add AMD GPU temperature monitoring support 2025-11-06 00:19:04 +00:00
monitoring Fix critical monitoring system issues and add robustness improvements 2025-11-07 08:52:37 +00:00
notifications Fix critical monitoring system issues and add robustness improvements 2025-11-07 08:52:37 +00:00
ssh/knownhosts Add configurable SSH port for temperature monitoring 2025-11-05 20:03:29 +00:00
system Enhance container detection for temperature SSH safeguards (refs #601) 2025-11-04 22:30:35 +00:00
tempproxy Fix temperature data intermittency caused by proxy rate limit retries 2025-11-05 10:20:15 +00:00
types Fix settings security tab navigation 2025-10-11 23:29:47 +00:00
updates Fix critical rollback download URL bug and doc inconsistencies 2025-11-06 14:25:32 +00:00
utils Refactor: Code cleanup and localStorage consolidation 2025-11-04 21:50:46 +00:00
websocket Fix critical P0 security and crash issues in API/WebSocket layer 2025-11-07 10:13:15 +00:00