docs(phase-07): add/update security threat verification
This commit is contained in:
parent
dc534e993e
commit
c667faad65
|
|
@ -0,0 +1,59 @@
|
|||
---
|
||||
phase: 07
|
||||
slug: phase-06-mention-upload
|
||||
status: verified
|
||||
threats_open: 0
|
||||
asvs_level: 1
|
||||
created: 2026-04-17
|
||||
---
|
||||
|
||||
# Phase 07 — Security
|
||||
|
||||
> Per-phase security contract: threat register, accepted risks, and audit trail.
|
||||
|
||||
---
|
||||
|
||||
## Trust Boundaries
|
||||
|
||||
| Boundary | Description | Data Crossing |
|
||||
|----------|-------------|---------------|
|
||||
| 输入框展示态 -> 提交态 payload | 同一条用户消息在展示与提交存在双态,需防止内部提示文案泄露到用户可见区 | 用户原文、拼接提示文本、附件/Skill 标识 |
|
||||
| 前端组装器 -> 后端存档消息 | 拼接文案进入提交链路并可能回流,需要保证展示层过滤与提交层分离 | 提交消息正文、`additional_kwargs.files`、历史消息渲染内容 |
|
||||
|
||||
---
|
||||
|
||||
## Threat Register
|
||||
|
||||
| Threat ID | Category | Component | Disposition | Mitigation | Status |
|
||||
|-----------|----------|-----------|-------------|------------|--------|
|
||||
| T-07-01 | I (Information Disclosure) | `frontend/src/core/threads/hooks.ts` + `frontend/src/components/workspace/messages/message-list-item.tsx` | mitigate | 提交态使用 `submitText`,展示态经 `stripPriorityHintSuffix` 过滤;E2E 验证消息区不回显优先提示 | closed |
|
||||
| T-07-02 | T (Tampering / flow bypass) | `frontend/src/components/workspace/input-box.tsx` | mitigate | 发送入口统一经 `requestSubmit -> handleSubmit` 透传 references/skills,避免分支漏传 | closed |
|
||||
| T-07-03 | R (Repudiation / traceability) | `frontend/tests/e2e/input-and-compose.spec.ts` | mitigate | 增加请求拦截断言(DF-INPUT-008A),可审计提交内容含 `XClaw优先使用` 且 UI 不显示后缀 | closed |
|
||||
|
||||
*Status: open · closed*
|
||||
*Disposition: mitigate (implementation required) · accept (documented risk) · transfer (third-party)*
|
||||
|
||||
---
|
||||
|
||||
## Accepted Risks Log
|
||||
|
||||
No accepted risks.
|
||||
|
||||
---
|
||||
|
||||
## Security Audit Trail
|
||||
|
||||
| Audit Date | Threats Total | Closed | Open | Run By |
|
||||
|------------|---------------|--------|------|--------|
|
||||
| 2026-04-17 | 3 | 3 | 0 | Codex (`/gsd-secure-phase 7`) |
|
||||
|
||||
---
|
||||
|
||||
## Sign-Off
|
||||
|
||||
- [x] All threats have a disposition (mitigate / accept / transfer)
|
||||
- [x] Accepted risks documented in Accepted Risks Log
|
||||
- [x] `threats_open: 0` confirmed
|
||||
- [x] `status: verified` set in frontmatter
|
||||
|
||||
**Approval:** verified 2026-04-17
|
||||
Loading…
Reference in New Issue