GTEdgeAI/gt-ai-os-community
3
0
Fork 0
Code Issues Packages Releases Wiki Activity

GT AI OS Community Edition v2.0.33

Browse Source 
Security hardening release addressing CodeQL and Dependabot alerts:

- Fix stack trace exposure in error responses
- Add SSRF protection with DNS resolution checking
- Implement proper URL hostname validation (replaces substring matching)
- Add centralized path sanitization to prevent path traversal
- Fix ReDoS vulnerability in email validation regex
- Improve HTML sanitization in validation utilities
- Fix capability wildcard matching in auth utilities
- Update glob dependency to address CVE
- Add CodeQL suppression comments for verified false positives

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
HackWeasel
2025-12-12 17:04:45 -05:00
commit b9dfb86260
746 changed files with 232071 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
packages/utils/dist/crypto.d.ts vendored Normal file
View File

@@ -0,0 +1,44 @@
/**
* Generate a random encryption key
*/
export declare function generateEncryptionKey(): string;
/**
* Encrypt data using AES-256-GCM
*/
export declare function encrypt(data: string, keyHex: string): {
encrypted: string;
iv: string;
tag: string;
};
/**
* Decrypt data using AES-256-GCM
*/
export declare function decrypt(encryptedData: string, keyHex: string, ivHex: string, tagHex: string): string;
/**
* Hash data using SHA-256
*/
export declare function sha256Hash(data: string): string;
/**
* Generate HMAC signature
*/
export declare function generateHMAC(data: string, secret: string): string;
/**
* Verify HMAC signature
*/
export declare function verifyHMAC(data: string, signature: string, secret: string): boolean;
/**
* Generate tenant-specific encryption key from master key and tenant ID
*/
export declare function deriveTenantKey(masterKey: string, tenantId: string): string;
/**
* Encrypt JSON data for database storage
*/
export declare function encryptForDatabase(data: any, encryptionKey: string): string;
/**
* Decrypt JSON data from database storage
*/
export declare function decryptFromDatabase(encryptedData: string, encryptionKey: string): any;
/**
* Generate a secure random password
*/
export declare function generateSecurePassword(length?: number): string;