# A08: Software and Data Integrity Failures

Last updated: March 1, 2026

## Findings addressed

1. The backup/restore workflow did not verify backup artifact integrity before restoring.
2. Restores could proceed with tampered or corrupted dump files, risking silent data corruption.

## Fixes implemented

1. Added checksum artifact generation during backups:
   - `scripts/backup.sh` now generates a SHA-256 checksum file next to each dump (`.sha256`).
2. Added checksum verification before restore:
   - `scripts/restore.sh` now requires `${BACKUP_FILE}.sha256`.
   - Validates the checksum format (64 hex chars).
   - Computes the runtime SHA-256 of the backup file and blocks the restore on mismatch.

## Files changed

1. `scripts/backup.sh`
2. `scripts/restore.sh`
3. `api/tests/software-data-integrity-failures.test.ts`
4. `api/vitest.security.config.ts`

## Verification

Command:

```bash
cd api
npx vitest run -c vitest.security.config.ts tests/software-data-integrity-failures.test.ts
```

Verified output:

- Test Files: `1 passed (1)`
- Tests: `2 passed (2)`

Dedicated A08 checks in `software-data-integrity-failures.test.ts`:

1. Executes `scripts/backup.sh` with a stubbed `pg_dump` and verifies that both the dump and the `.sha256` artifact are generated.
2. Executes `scripts/restore.sh` with a tampered checksum and verifies that the restore is blocked before any DB commands are invoked.

## Residual notes

1. This secures backup artifact integrity in the operational scripts.
2. For CI/CD artifact integrity hardening, the next step is attestation/signature verification for deployed build artifacts.
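The checksum sidecar workflow described under "Fixes implemented", as an added example that is not the project's own `backup.sh`/`restore.sh` code: `write_checksum` plays the backup side, `verify_checksum` the restore-side gate (missing sidecar, malformed digest, and mismatch all block). The function names and the `sha256sum`/`shasum` fallback are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the project's scripts): the checksum sidecar workflow from
# the A08 fix. write_checksum mirrors backup.sh; verify_checksum mirrors restore.sh.
set -eu

# SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# backup.sh side: write "<digest>  <basename>" to <dump>.sha256 beside the dump.
write_checksum() {
  local dump="$1"
  printf '%s  %s\n' "$(sha256_of "$dump")" "$(basename "$dump")" > "${dump}.sha256"
}

# restore.sh side: return 0 only if the sidecar exists, holds a well-formed
# 64-hex-char digest, and matches the runtime digest of the dump.
verify_checksum() {
  local dump="$1" sidecar="$1.sha256" expected actual
  [ -f "$dump" ]    || { echo "ERROR: backup file not found: $dump" >&2; return 1; }
  [ -f "$sidecar" ] || { echo "ERROR: missing checksum file: $sidecar" >&2; return 1; }
  # Validate format before comparing so a truncated or edited sidecar is rejected early.
  expected=$(awk 'NR==1{print tolower($1)}' "$sidecar")
  if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{64}$'; then
    echo "ERROR: malformed checksum in $sidecar" >&2; return 1
  fi
  actual=$(sha256_of "$dump")
  if [ "$expected" != "$actual" ]; then
    echo "ERROR: checksum mismatch for $dump; refusing to restore" >&2; return 1
  fi
  echo "checksum OK: $dump"
}

# Stand-alone demo on a constructed dump: verify passes, then fails after tampering.
demo() {
  local tmp; tmp=$(mktemp -d)
  printf 'constructed pg_dump output\n' > "$tmp/db.dump"
  write_checksum "$tmp/db.dump"
  verify_checksum "$tmp/db.dump"
  printf 'tampered\n' >> "$tmp/db.dump"
  verify_checksum "$tmp/db.dump" || echo "restore blocked as expected"
  rm -rf "$tmp"
}
demo
```

In a real `restore.sh` the call to `verify_checksum` sits before any `pg_restore`/`psql` invocation so that a failed check leaves the database untouched.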