# Security Review

## Scope

Project:

```text
Modrinth Plus
```

Reviewed version or commit:

```text
main
```

## Code Patterns Checked

- [ ] No `eval`.
- [ ] No dynamic `Function` constructor.
- [ ] No unsafe HTML injection.
- [ ] No unexpected shell execution.
- [x] External network calls documented for Connected Library.
- [x] No private Connected Library credentials are persisted in v1.
- [x] Connected Library requires HTTPS manifest and `.mrpack` URLs.
- [x] MrTrust signing secrets are expected only as Gitea Actions secrets.
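The HTTPS and `.mrpack` URL requirement for Connected Library is a concrete acceptance rule. The block below is an added example of how such a check can be written; it is not code from the Modrinth Plus project. The names `check_manifest_url`, `check_mrpack_url` and `Reject` are hypothetical, the sample hosts are constructed, and the URL is split with the standard library only. The extension is tested on the path component, so a query string such as `?name=.mrpack` cannot satisfy it.

```rust
// Added example (not Modrinth Plus project code): acceptance checks for
// Connected Library source URLs. All names below are hypothetical.

/// Why a URL was rejected.
#[derive(Debug, PartialEq, Eq)]
pub enum Reject {
    NotHttps,
    EmptyHost,
    NotMrpack,
}

/// Split "scheme://host/path?query#fragment" into (scheme, host, path).
/// Query and fragment are discarded. Returns None if "://" is absent.
fn split_url(url: &str) -> Option<(&str, &str, &str)> {
    let (scheme, rest) = url.trim().split_once("://")?;
    let rest = rest.split(|c| c == '?' || c == '#').next().unwrap_or("");
    let (host, path) = match rest.find('/') {
        Some(i) => (&rest[..i], &rest[i..]),
        None => (rest, "/"),
    };
    Some((scheme, host, path))
}

/// A manifest URL must use the https scheme and name a host.
pub fn check_manifest_url(url: &str) -> Result<(), Reject> {
    let (scheme, host, _) = split_url(url).ok_or(Reject::NotHttps)?;
    if !scheme.eq_ignore_ascii_case("https") {
        return Err(Reject::NotHttps);
    }
    if host.is_empty() {
        return Err(Reject::EmptyHost);
    }
    Ok(())
}

/// A pack URL must pass the manifest rules and its path must end in
/// ".mrpack"; the extension is never taken from the query or fragment.
pub fn check_mrpack_url(url: &str) -> Result<(), Reject> {
    check_manifest_url(url)?;
    let (_, _, path) = split_url(url).ok_or(Reject::NotHttps)?;
    if !path.to_ascii_lowercase().ends_with(".mrpack") {
        return Err(Reject::NotMrpack);
    }
    Ok(())
}

fn main() {
    // Constructed sample inputs; none of these hosts are real.
    let samples = [
        "https://packs.example.test/pack.mrpack",
        "http://packs.example.test/pack.mrpack",
        "https://packs.example.test/pack.zip?name=.mrpack",
        "file:///tmp/pack.mrpack",
    ];
    for url in samples {
        println!("{url} -> {:?}", check_mrpack_url(url));
    }
}
```

Rejecting at the point where a source is added, rather than at download time, keeps a plain-HTTP or non-`.mrpack` URL from ever being stored in the local manifest database.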

## Dependency Review

Command:

```bash
pnpm --filter @modrinth/app-frontend run lint
cargo clippy --package theseus
```

Result:

```text
Pending successful Gitea Actions run.
```

## Runtime Review

- [x] Connected Library manifests are stored locally in SQLite.
- [x] Connected Library auto-update is disabled by default.
- [x] `GITEA_TOKEN` is only for local agent API checks, not runtime app use.
- [x] MrTrust signing does not bypass Defender, SmartScreen, UAC, or enterprise policy.
- [ ] Full Tauri runtime permission review pending.

## Release Notes

Known residual risks:

```text
Connected Library update behavior is conservative and does not yet implement strict removed-file sync.
Windows trust depends on publishing artifacts signed with the same certificate chain installed by MrTrust.
```