Fix 8 audit blockers: IDOR, graph leaks, CPF masking, format normalization, frontend types, pattern query

Security:
- entity_by_element_id: label allowlist prevents IDOR on private nodes
- graph_expand/entity_connections: restrict rel types + exclude User/Investigation/Annotation/Tag
- main.py: log critical warning on weak/default JWT secret at startup
- neo4j_service: schema bootstrap no longer drops comment-prefixed statements

Data integrity:
- entity_lookup.cypher: dual-format CPF/CNPJ matching (digits-only + punctuated)
- entity.py: format helpers normalize input before lookup
- cpf_masking.py: public mask functions for reuse outside middleware
- investigation.py: explicit CPF masking in PDF export

Frontend:
- client.ts: EntityDetail interface aligned with backend (removed root name/document, added is_pep)
- EntityDetail.tsx: derive display name/document from properties dict

Pattern logic:
- pattern_contract_concentration: compute municipality total before entity filter

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
bruno cesar
2026-02-23 01:23:19 -03:00
parent 03356fe5ce
commit c550d017fa
14 changed files with 91 additions and 30 deletions


@@ -10,9 +10,9 @@ import pytest
from icarus.middleware.cpf_masking import (
_collect_pep_cpfs,
_is_pep_record,
_mask_formatted_cpf,
_mask_raw_cpf,
mask_cpfs_in_json,
mask_formatted_cpf,
mask_raw_cpf,
)
if TYPE_CHECKING:
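Review bot: the import list swaps the underscore-prefixed `_mask_formatted_cpf` / `_mask_raw_cpf` for the public `mask_formatted_cpf` / `mask_raw_cpf`, but `_collect_pep_cpfs` and `_is_pep_record` are still pulled in as private names from the same module, so the test file now mixes the two conventions. If `cpf_masking.py` keeps the old `_mask_*` names as aliases for existing callers, nothing in this file exercises them any more; if it does not, every other importer of the private names needs the same rename (the commit message says `investigation.py` now masks CPFs explicitly in PDF export, so that is the first place to check). A grep for `_mask_formatted_cpf` and `_mask_raw_cpf` across the tree before merging would settle it.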
@@ -26,18 +26,18 @@ if TYPE_CHECKING:
class TestMaskFormattedCPF:
def test_basic(self) -> None:
assert _mask_formatted_cpf("123.456.789-00") == "***.***.789-00"
assert mask_formatted_cpf("123.456.789-00") == "***.***.789-00"
def test_another(self) -> None:
assert _mask_formatted_cpf("000.111.222-33") == "***.***.222-33"
assert mask_formatted_cpf("000.111.222-33") == "***.***.222-33"
class TestMaskRawCPF:
def test_basic(self) -> None:
assert _mask_raw_cpf("12345678900") == "*******8900"
assert mask_raw_cpf("12345678900") == "*******8900"
def test_zeros(self) -> None:
assert _mask_raw_cpf("00000000000") == "*******0000"
assert mask_raw_cpf("00000000000") == "*******0000"
class TestIsPepRecord:
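Review bot: the two expected masks disclose different amounts of the same CPF. `"***.***.789-00"` leaves digits 7 to 11 visible (five digits) while `"*******8900"` leaves only digits 8 to 11 (four), so a person whose CPF appears in both forms across responses or a PDF export leaks one more digit than the raw mask intends. Pick a single disclosure policy and assert it in both classes, for example masking the first seven digits in both forms so the punctuated expectation becomes `"***.***.*89-00"`. Separately, both classes only feed well-formed inputs; now that these functions are public and reused outside the middleware, add a case with an unexpected shape (wrong length, or a punctuated value passed to the raw masker) so that whether they raise, mask partially or return the input unchanged is pinned down by a test rather than left to the caller to discover.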