personal-projects/py-wikijs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
claude/test-tool-integration-011CUUU3JXwm8n8waD6UYeea
py-wikijs/SECURITY.md
Claude cef6903cbc feat: implement production-ready features from improvement plan phase 2.5 & 2.6 
Phase 2.5: Fix Foundation (CRITICAL)
- Fixed 4 failing tests by adding cache attribute to mock_client fixture
- Created comprehensive cache tests for Pages endpoint (test_pages_cache.py)
- Added missing dependencies: pydantic[email] and aiohttp to core requirements
- Updated requirements.txt with proper dependency versions
- Achieved 82.67% test coverage with 454 passing tests

Phase 2.6: Production Essentials
- Implemented structured logging (wikijs/logging.py)
  * JSON and text log formatters
  * Configurable log levels and output destinations
  * Integration with client operations

- Implemented metrics and telemetry (wikijs/metrics.py)
  * Request tracking with duration, status codes, errors
  * Latency percentiles (min, max, avg, p50, p95, p99)
  * Error rate calculation
  * Thread-safe metrics collection

- Implemented rate limiting (wikijs/ratelimit.py)
  * Token bucket algorithm for request throttling
  * Per-endpoint rate limiting support
  * Configurable timeout handling
  * Burst capacity management

- Created SECURITY.md policy
  * Vulnerability reporting procedures
  * Security best practices
  * Response timelines
  * Supported versions

Documentation
- Added comprehensive logging guide (docs/logging.md)
- Added metrics and telemetry guide (docs/metrics.md)
- Added rate limiting guide (docs/rate_limiting.md)
- Updated README.md with production features section
- Updated IMPROVEMENT_PLAN_2.md with completed checkboxes

Testing
- Created test suite for logging (tests/test_logging.py)
- Created test suite for metrics (tests/test_metrics.py)
- Created test suite for rate limiting (tests/test_ratelimit.py)
- All 454 tests passing
- Test coverage: 82.67%

Breaking Changes: None
Dependencies Added: pydantic[email], email-validator, dnspython

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-23 16:45:02 +00:00

112 lines
2.8 KiB
Markdown
Raw Permalink Blame History

# Security Policy
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| 0.3.x | :white_check_mark: |
| 0.2.x | :white_check_mark: |
| 0.1.x | :x: |
## Reporting a Vulnerability
**Please do not report security vulnerabilities through public GitHub issues.**
Instead, please report them via email to: **lmiranda@hotserv.cloud**
Include the following information:
- Type of vulnerability
- Full paths of affected source files
- Location of affected source code (tag/branch/commit)
- Step-by-step instructions to reproduce
- Proof-of-concept or exploit code (if possible)
- Impact of the issue
### Response Timeline
- **Initial Response**: Within 48 hours
- **Status Update**: Within 7 days
- **Fix Timeline**: Depends on severity
- Critical: 7-14 days
- High: 14-30 days
- Medium: 30-60 days
- Low: Best effort
## Security Best Practices
### API Keys
- Never commit API keys to version control
- Use environment variables for sensitive data
- Rotate API keys regularly
- Use separate keys for different environments
### SSL/TLS
- Always use HTTPS for Wiki.js instances
- Verify SSL certificates (verify_ssl=True)
- Use modern TLS versions (1.2+)
- Keep certificates up to date
### Dependencies
- Keep dependencies updated
- Monitor security advisories
- Use pip-audit for vulnerability scanning
- Review dependency changes before upgrading
### Authentication
- Use JWT authentication for production
- Implement token refresh mechanisms
- Store tokens securely
- Never log authentication credentials
### Input Validation
- Always validate user input
- Use type hints and Pydantic models
- Sanitize data before processing
- Check for injection vulnerabilities
## Disclosure Policy
Once a vulnerability is fixed:
1. We will publish a security advisory
2. Credit will be given to the reporter (if desired)
3. Details will be disclosed responsibly
4. Users will be notified through appropriate channels
## Security Features
### Built-in Security
- Request validation using Pydantic
- SSL certificate verification by default
- Rate limiting to prevent abuse
- Structured logging for audit trails
- No hardcoded credentials
### Recommended Practices
```python
# Good: Use environment variables
import os
from wikijs import WikiJSClient
client = WikiJSClient(
os.getenv("WIKIJS_URL"),
auth=os.getenv("WIKIJS_API_KEY"),
verify_ssl=True
)
# Bad: Hardcoded credentials
# client = WikiJSClient(
# "https://wiki.example.com",
# auth="my-secret-key" # DON'T DO THIS
# )
```
## Contact
For security concerns, contact:
- **Email**: lmiranda@hotserv.cloud
- **Repository**: https://gitea.hotserv.cloud/lmiranda/py-wikijs
## Acknowledgments
We appreciate the security researchers and contributors who help make this project more secure.
Reference in New Issue View Git Blame Copy Permalink