warden-worker/SECURITY.md
2026-01-08 08:48:22 +00:00

55 lines
2.9 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Security Policy
Warden is a self-hosted, Bitwarden-compatible backend for Cloudflare Workers. We take security seriously, but please note this project has not been formally security-audited.
## Reporting a Vulnerability
**Preferred:** Use GitHubs private vulnerability reporting (Security tab → “Report a vulnerability”).
**Do not** open a public issue with exploit details.
When reporting, include:
- A clear description of the issue and impact.
- Steps to reproduce (ideally on your own deployment).
- Affected endpoint(s)/file(s) and any relevant configuration (e.g., `wrangler.toml` ratelimit bindings, Durable Objects offload, R2 attachments).
- Version/commit SHA and your deployment environment (Workers plan, Wrangler version if relevant).
## Disclosure Guidelines
- Please give us a reasonable amount of time to investigate and address the issue before public disclosure.
- Make a good-faith effort to avoid privacy violations, data destruction, and service disruption.
- Do not perform denial-of-service testing against the demo instance.
## Supported Versions
Security fixes are provided on a best-effort basis for the latest release and the `main` branch. Older versions may not receive security patches.
## In Scope
- Backend implementation in `src/` (auth, crypto, handlers, database access).
- Worker entrypoint and edge concerns in `src/entry.js` (routing, attachment streaming, Durable Objects offload).
- Wrangler configuration in `wrangler.toml` (bindings, rate limiting, routes).
- Database schema and migrations (`sql/`, `migrations/`).
- Deployment tooling and scripts (`docs/`, `scripts/`, GitHub Actions workflows).
- UI overrides shipped by this repo (e.g., `public/css/`).
## Out of Scope / Exclusions
- Issues in upstream Bitwarden clients (mobile/desktop/browser extensions).
- Issues in the bundled upstream Web Vault build (`bw_web_builds`) that are not caused by this repositorys overrides.
- Vulnerabilities in the Cloudflare platform itself (Workers/D1/R2/DO); please report those to Cloudflare.
- Vulnerabilities in unmaintained/outdated deployments.
- Attacks requiring physical access to a users device.
- Social engineering, spam, and denial-of-service attempts.
## Deployment Hardening (Operators)
This project is "self-hosted": **your Cloudflare account is part of your security boundary**. Review the deployment docs and consider the following:
- Set strong secrets: `JWT_SECRET` and `JWT_REFRESH_SECRET` (>32 characters, random, unique per environment).
- Restrict who can register/log in (e.g., `ALLOWED_EMAILS`), and consider disabling open registration.
- Ensure rate limiting is configured (see `wrangler.toml` `[[ratelimits]]` bindings); missing bindings degrade gracefully and may reduce protection.
- Treat Cloudflare API tokens as highly sensitive; grant least privilege and rotate when needed.
- Protect backups and exports (D1 backups, logs) as they may contain sensitive metadata.