
Commit 6c520b2

Merge pull request #134 from albertoivo/sentinel-security-fixes-13143021496259646930
🛡️ Sentinel: [Security Enhancement] Enforce input limits and strengthen password policy
2 parents cf29f9e + 6081a48 commit 6c520b2

2 files changed

+16
-11
lines changed


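--- a/firestore.rules
+++ b/firestore.rules
@@ -20,6 +20,11 @@ service cloud.firestore {
 function isValidString(field, maxLength) {
 return field is string && field.size() <= maxLength;
 }
+
+// Valida que um campo é lista com tamanho máximo
+function isValidList(field, maxSize) {
+return field is list && field.size() <= maxSize;
+}
 
 // Valida que um número está dentro de um range
 function isValidNumber(field, min, max) {
@@ -87,7 +92,7 @@ service cloud.firestore {
 // Valida balance se presente (0 a 9.999.999)
 (!('balance' in request.resource.data) || isValidNumber(request.resource.data.balance, 0, 9999999)) &&
 // Valida unlockedWorlds (deve ser lista)
-(!('unlockedWorlds' in request.resource.data) || request.resource.data.unlockedWorlds is list);
+(!('unlockedWorlds' in request.resource.data) || isValidList(request.resource.data.unlockedWorlds, 1000));
 }
 
 // ============================================
@@ -116,17 +121,17 @@ service cloud.firestore {
 (!('currentStreak' in request.resource.data.streak) || isValidNumber(request.resource.data.streak.currentStreak, 0, 9999)) &&
 (!('longestStreak' in request.resource.data.streak) || isValidNumber(request.resource.data.streak.longestStreak, 0, 9999)) &&
 (!('lastActivityDate' in request.resource.data.streak) || isValidString(request.resource.data.streak.lastActivityDate, 10)) &&
-(!('activityHistory' in request.resource.data.streak) || request.resource.data.streak.activityHistory is list)
+(!('activityHistory' in request.resource.data.streak) || isValidList(request.resource.data.streak.activityHistory, 50))
 )) &&
 // Valida achievements (Lista)
-(!('achievements' in request.resource.data) || request.resource.data.achievements is list) &&
+(!('achievements' in request.resource.data) || isValidList(request.resource.data.achievements, 1000)) &&
 // Valida activeMissions (Lista)
-(!('activeMissions' in request.resource.data) || request.resource.data.activeMissions is list) &&
+(!('activeMissions' in request.resource.data) || isValidList(request.resource.data.activeMissions, 50)) &&
 // Valida inventory (Map)
 (!('inventory' in request.resource.data) || (
 request.resource.data.inventory is map &&
 hasOnly(request.resource.data.inventory, ['ownedItems', 'equippedAvatar', 'equippedFrame', 'equippedTitle']) &&
-(!('ownedItems' in request.resource.data.inventory) || request.resource.data.inventory.ownedItems is list) &&
+(!('ownedItems' in request.resource.data.inventory) || isValidList(request.resource.data.inventory.ownedItems, 1000)) &&
 (!('equippedAvatar' in request.resource.data.inventory) || isValidString(request.resource.data.inventory.equippedAvatar, 100)) &&
 (!('equippedFrame' in request.resource.data.inventory) || isValidString(request.resource.data.inventory.equippedFrame, 100)) &&
 (!('equippedTitle' in request.resource.data.inventory) || isValidString(request.resource.data.inventory.equippedTitle, 100))
@@ -164,7 +169,7 @@ service cloud.firestore {
 (!('totalQuestionsCompleted' in request.resource.data.stats) || isValidNumber(request.resource.data.stats.totalQuestionsCompleted, 0, 999999)) &&
 (!('totalCorrectAnswers' in request.resource.data.stats) || isValidNumber(request.resource.data.stats.totalCorrectAnswers, 0, 999999)) &&
 (!('lastWeekendDate' in request.resource.data.stats) || isValidString(request.resource.data.stats.lastWeekendDate, 10)) &&
-(!('completedWorldIds' in request.resource.data.stats) || request.resource.data.stats.completedWorldIds is list)
+(!('completedWorldIds' in request.resource.data.stats) || isValidList(request.resource.data.stats.completedWorldIds, 100))
 ));
 }
 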
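--- a/src/pages/RegisterPage.tsx
+++ b/src/pages/RegisterPage.tsx
@@ -41,8 +41,8 @@ export function RegisterPage() {
 return;
 }
 
-if (password.length < 6) {
-setLocalError('A senha deve ter pelo menos 6 caracteres');
+if (password.length < 8) {
+setLocalError('A senha deve ter pelo menos 8 caracteres');
 return;
 }
 
@@ -154,12 +154,12 @@ export function RegisterPage() {
 </label>
 <PasswordInput
 id="password"
-placeholder="Mínimo 6 caracteres"
+placeholder="Mínimo 8 caracteres"
 value={password}
 onChange={(e) => setPassword(e.target.value)}
 required
 disabled={isLoading}
-minLength={6}
+minLength={8}
 />
 </div>
 
@@ -174,7 +174,7 @@ export function RegisterPage() {
 onChange={(e) => setConfirmPassword(e.target.value)}
 required
 disabled={isLoading}
-minLength={6}
+minLength={8}
 />
 </div>
 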