bruno cesar | c550d017fa
Fix 8 audit blockers: IDOR, graph leaks, CPF masking, format normalization, frontend types, pattern query
Security:
- entity_by_element_id: label allowlist prevents IDOR on private nodes
- graph_expand/entity_connections: restrict rel types + exclude User/Investigation/Annotation/Tag
- main.py: log critical warning on weak/default JWT secret at startup
- neo4j_service: schema bootstrap no longer drops comment-prefixed statements
Data integrity:
- entity_lookup.cypher: dual-format CPF/CNPJ matching (digits-only + punctuated)
- entity.py: format helpers normalize input before lookup
- cpf_masking.py: public mask functions for reuse outside middleware
- investigation.py: explicit CPF masking in PDF export
Frontend:
- client.ts: EntityDetail interface aligned with backend (removed root name/document, added is_pep)
- EntityDetail.tsx: derive display name/document from properties dict
Pattern logic:
- pattern_contract_concentration: compute municipality total before entity filter
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 01:23:19 -03:00
bruno cesar | 0dd953898c
Phase 1: API core — all endpoints, query service, CPF masking
- Neo4j query service: CypherLoader + parameterized executor
- Entity endpoints: /entity/{cpf_or_cnpj} lookup + /entity/{id}/connections
- Search endpoint: /search with fulltext index, pagination, type filtering
- Graph endpoint: /graph/{entity_id} with depth/type filtering, nodes + edges
- CPF masking middleware: scans responses, masks non-PEP CPFs, preserves CNPJ
- Pydantic models: EntityResponse, SearchResponse, GraphResponse with source attribution
- 5 .cypher query files (never inline Cypher)
- 58 unit tests passing (ruff + mypy + pytest clean)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 03:21:15 -03:00