docs(phase-07): add/update security threat verification
This commit is contained in:
parent dc534e993e
commit c667faad65
@ -0,0 +1,59 @@
---
phase: 07
slug: phase-06-mention-upload
status: verified
threats_open: 0
asvs_level: 1
created: 2026-04-17
---

# Phase 07 — Security

> Per-phase security contract: threat register, accepted risks, and audit trail.

---

## Trust Boundaries

| Boundary | Description | Data Crossing |
|----------|-------------|---------------|
| 输入框展示态 -> 提交态 payload | 同一条用户消息在展示与提交存在双态,需防止内部提示文案泄露到用户可见区 | 用户原文、拼接提示文本、附件/Skill 标识 |
| 前端组装器 -> 后端存档消息 | 拼接文案进入提交链路并可能回流,需要保证展示层过滤与提交层分离 | 提交消息正文、`additional_kwargs.files`、历史消息渲染内容 |

---

## Threat Register

| Threat ID | Category | Component | Disposition | Mitigation | Status |
|-----------|----------|-----------|-------------|------------|--------|
| T-07-01 | I (Information Disclosure) | `frontend/src/core/threads/hooks.ts` + `frontend/src/components/workspace/messages/message-list-item.tsx` | mitigate | 提交态使用 `submitText`,展示态经 `stripPriorityHintSuffix` 过滤;E2E 验证消息区不回显优先提示 | closed |
| T-07-02 | T (Tampering / flow bypass) | `frontend/src/components/workspace/input-box.tsx` | mitigate | 发送入口统一经 `requestSubmit -> handleSubmit` 透传 references/skills,避免分支漏传 | closed |
| T-07-03 | R (Repudiation / traceability) | `frontend/tests/e2e/input-and-compose.spec.ts` | mitigate | 增加请求拦截断言(DF-INPUT-008A),可审计提交内容含 `XClaw优先使用` 且 UI 不显示后缀 | closed |

*Status: open · closed*
*Disposition: mitigate (implementation required) · accept (documented risk) · transfer (third-party)*

---

## Accepted Risks Log

No accepted risks.

---

## Security Audit Trail

| Audit Date | Threats Total | Closed | Open | Run By |
|------------|---------------|--------|------|--------|
| 2026-04-17 | 3 | 3 | 0 | Codex (`/gsd-secure-phase 7`) |

---

## Sign-Off

- [x] All threats have a disposition (mitigate / accept / transfer)
- [x] Accepted risks documented in Accepted Risks Log
- [x] `threats_open: 0` confirmed
- [x] `status: verified` set in frontmatter

**Approval:** verified 2026-04-17
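Review bot: the frontmatter is internally inconsistent: `phase: 07` and the `# Phase 07 — Security` heading identify this as the phase 07 contract, but `slug: phase-06-mention-upload` points at phase 06; any tooling that resolves the security document by slug (the audit row records a run of `/gsd-secure-phase 7`) will attach these three threats to the wrong phase, and the `status: verified` / `threats_open: 0` sign-off would then be asserted against the wrong register. Suggest changing the slug to the phase 07 identifier, or stating in the commit message why the phase 06 slug is intended. The register itself is consistent with its summary (three rows, all `closed`, audit row `3 / 3 / 0`), and T-07-01 already names the E2E check as the evidence that the priority-hint suffix is not rendered, so the closure is traceable to a test rather than only to a code reference.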