Added more security

2026-06-24 06:47:13 +02:00
parent e9a815dd2a
commit 2c5b69bf2c
6 changed files with 638 additions and 12 deletions
@@ -877,6 +877,174 @@ public enum DisconnectReason
 }
 ```

+## Key Security Enhancements
+
+### 1. New Security Validation Layer (SecurityValidator.cs)
+
+**Location:** `EonaCat.Connections/Helpers/SecurityValidator.cs`
+
+**Features:**
+- **Length Prefix Validation** - Prevents buffer overflow and memory exhaustion by validating message lengths against configured maximum
+- **Message Stream Size Validation** - Detects decompression bombs and message accumulation attacks
+- **UDP Packet Validation** - Ensures UDP packets don't exceed buffer boundaries
+- **Rate Limiting** - Implements token-bucket style rate limiting per source address to prevent DoS attacks
+- **HTTP Header Validation** - Detects header injection attacks by checking for newline and null byte characters
+- **Delimiter Validation** - Prevents delimiter injection attacks
+- **Compression Ratio Validation** - Detects decompression bomb attacks
+- **Error Message Sanitization** - Prevents information leakage in error responses
+- **Rate Limit Cache Cleanup** - Prevents memory leaks from rate limit tracking
+
+### 2. Configuration Security Settings
+
+```csharp
+public long MaxMessageStreamSize { get; set; } = 500 * 1024 * 1024; // 500 MB
+public int MaxMessagesPerSecond { get; set; } = 0; // 0 = unlimited
+public bool EnableLengthPrefixValidation { get; set; } = true;
+public int MaxUdpPacketsPerSecond { get; set; } = 0; // 0 = unlimited
+public int MaxHealthApiRequestSize { get; set; } = 10 * 1024 * 1024; // 10 MB
+public bool EnableErrorMessageSanitization { get; set; } = true;
+public bool EnableRateLimitCacheCleanup { get; set; } = true;
+public int RateLimitCacheCleanupIntervalSeconds { get; set; } = 300;
+public bool EnableHttpHeaderValidation { get; set; } = true;
+```
+
+**Benefits:**
+- Configurable security thresholds for different deployment scenarios
+- Ability to fine-tune security vs. performance trade-offs
+- Granular control over which protections are enabled
+
+### 3. NetworkServer Hardening
+
+1. **Message Extraction Validation**
+   - Updated `TryExtractLengthPrefixedMessage()` to use SecurityValidator for length prefix validation
+   - Added checks to prevent message stream from exceeding configured maximum size
+   - Enhanced error messages to indicate validation failures
+
+2. **Message Stream Protection**
+   - `HandleClientCommunicationAsync()` now validates message stream size before writing received data
+   - Prevents accumulation of large amounts of buffered data that could exhaust memory
+   - Disconnects clients that exceed limits with proper error logging
+
+3. **UDP Rate Limiting**
+   - `HandleUdpDataAsync()` implements packet size validation
+   - UDP packet rate limiting prevents flood attacks
+   - Per-source tracking of packet rates
+
+4. **Background Cleanup Task**
+   - Added `CleanupRateLimitCacheAsync()` to periodically clean up rate limit entries
+   - Prevents memory leaks from unbounded cache growth
+   - Configurable cleanup interval
+
+5. **Startup Integration**
+   - Rate limit cache cleanup task integrated into server startup
+   - Runs as background task with configurable interval
+
+### 4. NetworkClient Hardening
+
+1. **Length-Prefixed Message Validation**
+   - Updated `ReceiveLengthPrefixedMessagesAsync()` to validate length prefixes using SecurityValidator
+   - Added dedicated exception handling for malformed length messages
+   - Improved error messages for validation failures
+
+2. **Delimiter-Based Message Protection**
+   - Enhanced `ReceiveDelimiterAsync()` with max message stream size enforcement
+   - Added checks for accumulated message buffer size
+   - Prevents memory exhaustion from large buffered data
+
+### 5. HealthApiServer REST API Hardening
+
+1. **Request Size Limits**
+   - New `MaxRequestSize` property to enforce maximum HTTP request/response size
+   - Defaults to 10 MB, configurable before server starts
+   - Request line limited to 8192 bytes
+   - Total headers limited to 65536 bytes
+
+2. **HTTP Header Security**
+   - Enhanced `ReadRequestLineAsync()` to validate for invalid control characters
+   - Rejects null bytes (0x00) in request lines
+   - `DrainHeadersAsync()` validates header size and detects null bytes
+   - Prevents header-based injection attacks
+
+3. **Response Security Hardening**
+   - `WriteResponseAsync()` validates response body size against limit
+   - Content-Type validation prevents injection of control characters
+   - Additional security headers added:
+	 - `X-Frame-Options: DENY` - Clickjacking protection
+	 - `X-XSS-Protection: 1; mode=block` - XSS protection
+	 - `Strict-Transport-Security` - Forces HTTPS
+	 - `Pragma: no-cache` - Additional cache control
+   - Improved error handling for oversized responses
+
+## Attack Vectors Mitigated
+
+### 1. Buffer Overflow Attacks
+- **Mitigation:** Length prefix validation, buffer size checks, message size limits
+- **Implementation:** SecurityValidator validates all length values before buffer allocation
+
+### 2. Memory Exhaustion / Decompression Bombs
+- **Mitigation:** MaxMessageStreamSize configuration, per-message size limits
+- **Implementation:** Accumulated stream size checked before each write operation
+
+### 3. Slow Loris / Slowhttptest Attacks
+- **Mitigation:** Request timeouts, header size limits
+- **Implementation:** Network timeouts and maximum header sizes enforced
+
+### 4. UDP Flood / Amplification Attacks
+- **Mitigation:** UDP rate limiting, packet size validation
+- **Implementation:** Per-source rate limiting with configurable thresholds
+
+### 5. HTTP Header Injection
+- **Mitigation:** HTTP header validation, null byte detection
+- **Implementation:** SecurityValidator checks for newlines and null bytes in headers
+
+### 6. Malformed Packet Attacks
+- **Mitigation:** Strict validation of message framing and length prefixes
+- **Implementation:** Enhanced error handling with specific exceptions for malformed data
+
+### 7. Information Leakage
+- **Mitigation:** Error message sanitization
+- **Implementation:** Sensitive error details hidden from clients, detailed logs for server admins
+
+### 8. Rate Limiting / DoS
+- **Mitigation:** Per-client/source rate limiting capability
+- **Implementation:** SecurityValidator.CheckRateLimit with configurable thresholds
+
+## Configuration Best Practices
+
+### Production Deployment
+```csharp
+var config = new Configuration
+{
+	// Message constraints
+	MAX_MESSAGE_SIZE = 100 * 1024 * 1024,           // 100 MB
+	MaxMessageStreamSize = 500 * 1024 * 1024,        // 500 MB
+
+	// Rate limiting
+	MaxMessagesPerSecond = 1000,                      // Per client
+	MaxUdpPacketsPerSecond = 5000,                    // Per source
+	MaxHealthApiRequestSize = 10 * 1024 * 1024,      // 10 MB
+
+	// Security features
+	EnableLengthPrefixValidation = true,
+	EnableErrorMessageSanitization = true,
+	EnableRateLimitCacheCleanup = true,
+	EnableHttpHeaderValidation = true
+};
+```
+
+### High-Security Deployment
+```csharp
+var config = new Configuration
+{
+	MAX_MESSAGE_SIZE = 10 * 1024 * 1024,             // 10 MB
+	MaxMessageStreamSize = 50 * 1024 * 1024,         // 50 MB
+	MaxMessagesPerSecond = 100,                       // Strict rate limit
+	MaxUdpPacketsPerSecond = 500,                     // Strict UDP limit
+	MaxHealthApiRequestSize = 1 * 1024 * 1024,       // 1 MB
+	// All security features enabled by default
+};
+```
+
 ## Performance Considerations

 ### Optimization Tips