# A08: Software and Data Integrity Failures

Last updated: March 1, 2026

## Findings addressed

1. Backup/restore workflow did not verify backup artifact integrity before restoring.
2. Restores could proceed with tampered/corrupted dump files, risking silent data corruption.

## Fixes implemented

1. Added checksum artifact generation during backups:
   - `scripts/backup.sh` now generates a SHA-256 checksum file next to each dump (`.sha256`).
2. Added checksum verification before restore:
   - `scripts/restore.sh` now requires `${BACKUP_FILE}.sha256`.
   - Validates checksum format (64 hex chars).
   - Computes runtime SHA-256 of backup file and blocks restore on mismatch.
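
The checksum gate described by the two fixes above, as an added example in one POSIX shell file; this is not the project's `scripts/backup.sh` or `scripts/restore.sh`, and the function names and the sample dump path are assumptions.

```shell
#!/bin/sh
# Added example, not the project's scripts/restore.sh or scripts/backup.sh.
# Function names and the sample dump used below are assumptions.
set -eu

# SHA-256 of a file: coreutils sha256sum, with shasum as a fallback.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Backup side: write "<hash>  <basename>" into <dump>.sha256 beside the dump.
write_backup_checksum() {
  dump="$1"
  printf '%s  %s\n' "$(sha256_of "$dump")" "$(basename "$dump")" > "${dump}.sha256"
}

# Restore side: succeed (return 0) only when the sidecar exists, holds exactly
# 64 hex chars, and matches the dump's runtime hash. Every other path returns
# non-zero, so the caller gates pg_restore/psql on this function's status.
verify_backup_checksum() {
  dump="$1"
  sidecar="$1.sha256"
  [ -f "$dump" ]    || { echo "missing dump: $dump" >&2; return 2; }
  [ -f "$sidecar" ] || { echo "missing checksum file: $sidecar" >&2; return 3; }
  expected=$(awk 'NR==1 {print tolower($1)}' "$sidecar")
  # Format check before comparison: anything but 64 lowercase hex chars is rejected.
  case "$expected" in
    ""|*[!0-9a-f]*) echo "malformed checksum in $sidecar" >&2; return 4 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "malformed checksum length in $sidecar" >&2; return 4; }
  actual=$(sha256_of "$dump")
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $dump: expected $expected, got $actual" >&2
    return 5
  fi
  echo "checksum OK: $dump"
}

# Stand-alone use: sh verify-restore.sh /path/to/db.dump
if [ "$#" -ge 1 ]; then
  verify_backup_checksum "$1"
fi
```

Because the sidecar lives beside the dump, this gate catches corruption, truncation and casual tampering but not an adversary who can rewrite both files; that is the gap the signature verification mentioned under Residual notes would close.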

## Files changed

1. `scripts/backup.sh`
2. `scripts/restore.sh`
3. `api/tests/software-data-integrity-failures.test.ts`
4. `api/vitest.security.config.ts`

## Verification

Command:

```bash
cd api
npx vitest run -c vitest.security.config.ts tests/software-data-integrity-failures.test.ts
```

Verified output:

- Test Files: `1 passed (1)`
- Tests: `2 passed (2)`

Dedicated A08 checks in `software-data-integrity-failures.test.ts`:

1. Executes `scripts/backup.sh` with a stubbed `pg_dump` and verifies that both the dump and its `.sha256` artifact are generated.
2. Executes `scripts/restore.sh` with a tampered checksum and verifies that the restore is blocked before any DB commands are invoked.

## Residual notes

1. This secures backup artifact integrity in operational scripts.
2. For CI/CD artifact integrity hardening, the next step is attestation/signature verification for deployed build artifacts.