
Security audit findings and critical fixes for v0.6.0#34

Merged
pelle merged 4 commits into main from claude/security-audit-Bd0FA
Feb 22, 2026

Conversation

@pelle
Contributor

@pelle pelle commented Feb 22, 2026

Summary

This PR addresses critical security findings from a comprehensive audit of the tap-rs codebase. The audit identified 47 findings across severity levels, with 1 CRITICAL, 9 HIGH, 18 MEDIUM, 14 LOW, and 5 INFO issues. This PR implements fixes for the most critical vulnerabilities while documenting all findings in an updated security audit report.

Key Changes

Critical Security Fixes

  • SQL Injection in tap-mcp: Added validate_table_name() function to sanitize table names against an allowlist pattern ([a-zA-Z0-9_]). Parameterized table name queries where possible and enforced read-only mode via PRAGMA query_only = ON in database tools.

  • Financial Amount Validation: Enhanced validation in tap-msg to explicitly reject NaN, Infinity, and -Infinity values in Transfer, Payment, and Settle messages. Added checks for finite positive numbers only.

  • Request Body Size Limits: Added 1MB body size limit to the /didcomm POST endpoint in tap-http using warp::body::content_length_limit() to prevent memory exhaustion DoS.

  • Agent Creation DoS: Implemented max_agents configuration (default 100) in tap-http to prevent unbounded agent creation via the /.well-known/did.json endpoint. Added agent count validation before creating new agents.

High-Severity Mitigations

  • Error Information Disclosure: Changed HTTP error responses to return generic messages ("Internal server error") instead of exposing internal implementation details, database errors, and file paths.

  • Path Traversal in DID Sanitization: Enhanced DID-to-directory-name sanitization in tap-node/src/storage/db.rs to reject path traversal attempts (.., /, \ characters).

  • External Decision Process Communication: Fixed ExternalDecisionManager to properly return tool call results back to external processes via stdin, enabling proper feedback loops for decision executables.

Documentation and Configuration

  • Updated SECURITY_AUDIT.md with comprehensive findings report (47 total issues documented with severity levels, impact analysis, and remediation guidance)
  • Updated version to 0.6.0 across all Cargo.toml files and package.json
  • Enhanced README.md with clearer installation instructions for CLI tools and library usage
  • Added installation sections to individual crate READMEs (tap-cli, tap-http, tap-mcp, tap-agent, tap-msg, tap-caip, tap-ivms101, tap-node)

Code Quality Improvements

  • Improved error handling in tap-node/src/storage/db.rs by replacing .expect() with proper Result error propagation for home directory resolution
  • Refactored directory resolution logic to use match expressions instead of closures for better readability
  • Added max_agents configuration field to TapHttpConfig

Notable Implementation Details

  • Table name validation uses a strict allowlist pattern: alphanumeric characters and underscores only, max 128 characters, must start with letter or underscore
  • Read-only enforcement at database level prevents bypass attempts like CTEs or multi-statement queries
  • Agent limit is configurable but defaults to 100 to balance functionality with DoS protection
  • Error messages are now generic to external clients while detailed logging remains server-side

Security Audit Findings

The comprehensive audit report documents:

  • CRITICAL (1): SQL injection in MCP database schema tool
  • HIGH (9): NaN/Infinity bypass, validation not enforced on deserialization, unbounded agent creation, missing body size limits, error disclosure, read-only filter bypass, plaintext key storage in WASM, insecure example code, no encryption at rest
  • MEDIUM (18): Type confusion, panicking in library code, unbounded string fields, missing security headers, no CORS policy, no rate limiting, TLS not implemented, and others
  • LOW (14) and INFO (5): Additional findings documented for future remediation

All findings include impact analysis and specific remediation guidance.

https://claude.ai/code/session_01ALedUuACxHFYsgqVp1vjJa
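The three input checks the description above summarises (the allowlist for table names before they reach SQL, the finite-positive check for financial amounts, and the DID-to-directory-name sanitization that rejects traversal characters) in one added Rust example. This is illustrative code written for this page, not tap-rs's own implementation; the function names, the `ValidationError` enum and the sample inputs in `main()` are assumptions modelled on the PR text.

```rust
// Added illustrative example, not code from the tap-rs repository. The
// function names, the ValidationError enum and the sample inputs in main()
// are assumptions modelled on the checks described in the PR.

#[derive(Debug, PartialEq)]
pub enum ValidationError {
    EmptyTableName,
    TableNameTooLong(usize),
    InvalidTableNameStart(char),
    InvalidTableNameChar(char),
    UnparsableAmount(String),
    NonFiniteAmount,
    NonPositiveAmount,
    PathTraversal(String),
}

/// Allowlist check for a table name before it is placed in a SQL string:
/// only ASCII letters, digits and '_', at most 128 characters, and the
/// first character must be a letter or '_'. Quotes, ';', whitespace and
/// comment markers therefore never reach the query.
pub fn validate_table_name(name: &str) -> Result<&str, ValidationError> {
    let mut chars = name.chars();
    let first = match chars.next() {
        Some(c) => c,
        None => return Err(ValidationError::EmptyTableName),
    };
    let len = name.chars().count();
    if len > 128 {
        return Err(ValidationError::TableNameTooLong(len));
    }
    if !(first.is_ascii_alphabetic() || first == '_') {
        return Err(ValidationError::InvalidTableNameStart(first));
    }
    if let Some(bad) = chars.find(|c| !(c.is_ascii_alphanumeric() || *c == '_')) {
        return Err(ValidationError::InvalidTableNameChar(bad));
    }
    Ok(name)
}

/// Parse a financial amount and reject NaN, +Infinity, -Infinity and
/// non-positive values. Rust's f64 parser accepts "NaN" and "Infinity",
/// so a plain parse would let them through; is_finite() closes that gap.
pub fn validate_amount(raw: &str) -> Result<f64, ValidationError> {
    let value: f64 = raw
        .trim()
        .parse()
        .map_err(|_| ValidationError::UnparsableAmount(raw.to_string()))?;
    if !value.is_finite() {
        return Err(ValidationError::NonFiniteAmount);
    }
    if value <= 0.0 {
        return Err(ValidationError::NonPositiveAmount);
    }
    Ok(value)
}

/// Derive a single-component directory name from a DID. Inputs containing
/// "..", '/' or '\' are rejected outright rather than cleaned up, and every
/// character outside a small allowlist is replaced with '_'.
pub fn did_to_dir_name(did: &str) -> Result<String, ValidationError> {
    if did.contains("..") || did.contains('/') || did.contains('\\') {
        return Err(ValidationError::PathTraversal(did.to_string()));
    }
    let sanitized: String = did
        .chars()
        .map(|c| if c.is_ascii_alphanumeric() || matches!(c, '_' | '-' | '.') { c } else { '_' })
        .collect();
    // "" and "." would name nothing or the current directory.
    if sanitized.is_empty() || sanitized == "." {
        return Err(ValidationError::PathTraversal(did.to_string()));
    }
    Ok(sanitized)
}

fn main() {
    // Constructed sample inputs, not values from the project.
    for name in ["messages", "users; DROP TABLE messages", "1abc"] {
        println!("table {:?} -> {:?}", name, validate_table_name(name));
    }
    for amount in ["100.50", "NaN", "-Infinity", "0"] {
        println!("amount {:?} -> {:?}", amount, validate_amount(amount));
    }
    for did in ["did:web:example.com", "did:web:../../etc"] {
        println!("did {:?} -> {:?}", did, did_to_dir_name(did));
    }
}
```

The design point in each helper is the same: reject rather than repair. A rejected table name or DID produces a typed error the caller can log in detail server-side while returning a generic message to the client, which matches the error-disclosure fix described in the same PR.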

claude and others added 4 commits February 22, 2026 15:05
Full static analysis of tap-agent, tap-msg, tap-node, tap-http, tap-mcp,
tap-wasm, tap-cli, tap-caip, tap-ivms101, and tap-ts packages.
47 findings: 1 critical (SQL injection in MCP), 9 high, 18 medium,
14 low, 5 informational. Includes prioritized remediation roadmap.

https://claude.ai/code/session_01ALedUuACxHFYsgqVp1vjJa
* Bump version to 0.6.0 and improve installation docs across all READMEs

Update workspace version and all inter-crate dependency versions from
0.5.0 to 0.6.0. Add clear installation instructions (crates.io, from
source, verify) to all CLI tool READMEs and `cargo add` sections to
library crate READMEs. Reorganize root README Getting Started with
explicit install paths and add tap-mcp to CLI tools listing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Add crypto-p256 and crypto-secp256k1 to tap-agent default features

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Add comprehensive 0.6.0 changelog entries

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Add release documentation update requirements to CLAUDE.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Update changelogs with TAIP-18, TAIP-15, TAIP-3 and decision CLI changes

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* Update happy-dom to v20 to fix critical VM escape vulnerability

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* bump a few deps

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Address 14 findings from the security audit across all severity levels:

Critical: SQL injection in MCP database tools via table name interpolation
High: SQL read-only filter bypass (add PRAGMA query_only=ON), internal
error details leaked to HTTP clients, missing request body size limit,
unbounded agent creation, NaN/Infinity in financial amount validation
Medium: Fail-open authorization validator, DID path traversal, panicking
unwrap on DB deserialization, LIKE pattern injection, external process
tool responses not returned to caller
Low: Panic on missing home directory, hand-rolled URL encoding

https://claude.ai/code/session_01ALedUuACxHFYsgqVp1vjJa
@pelle pelle merged commit 21f6877 into main Feb 22, 2026
3 checks passed
pelle pushed a commit that referenced this pull request Feb 23, 2026
Add [Unreleased] section to root CHANGELOG.md and tap-ts/CHANGELOG.md
covering PRs #34-#36: security audit fixes (14 findings including
critical SQL injection), Flattened JWS and X25519 JWE for Veramo
interoperability, and external secret helper for key management.

https://claude.ai/code/session_01U5pusfFsLrcwHqZjFhfb8L
pelle added a commit that referenced this pull request Feb 23, 2026
Add [Unreleased] section to root CHANGELOG.md and tap-ts/CHANGELOG.md
covering PRs #34-#36: security audit fixes (14 findings including
critical SQL injection), Flattened JWS and X25519 JWE for Veramo
interoperability, and external secret helper for key management.

https://claude.ai/code/session_01U5pusfFsLrcwHqZjFhfb8L

Co-authored-by: Claude <noreply@anthropic.com>