fix tests. new product advisories enhancements
28
docs/notifications/security/redaction-catalog.md
Normal file
@@ -0,0 +1,28 @@
# Redaction Catalog

This document catalogs the redaction rules applied to notification payloads.

## Overview

The redaction catalog ensures that sensitive information is not exposed in notifications.

## Redaction Rules

### Personal Identifiable Information (PII)
- Email addresses are partially redacted
- IP addresses are anonymized
- User names are replaced with user IDs

### Credentials
- API keys are fully redacted
- Passwords are never included
- Tokens are truncated to first/last 4 characters

### Internal Data
- Internal URLs are replaced with public equivalents
- Database IDs are not exposed
- Stack traces are summarized

## Configuration

Redaction rules can be customized per tenant and notification channel.
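Review bot: the Credentials rule "Tokens are truncated to first/last 4 characters" reveals eight characters of every token, which is a large share of a short token and is inconsistent with "API keys are fully redacted" two lines above; state a minimum length below which a token is fully redacted (or show only a short prefix), and in the Configuration section say that per-tenant customization may relax the PII rules but cannot disable the Credentials rules. The PII and Internal Data bullets should also name the concrete transformation (how an IP address is anonymized, what a summarized stack trace keeps), since "anonymized" and "summarized" cannot be verified as written.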
19
docs/notifications/security/tenant-approvals.md
Normal file
@@ -0,0 +1,19 @@
# Tenant Approvals

This document describes the tenant approval process for notification delivery.

## Overview

Tenant approvals ensure that notifications are only sent to approved tenants with proper configuration.

## Approval Process

1. Tenant submits a request for notification access
2. Admin reviews the request and approves/denies
3. Approved tenants can configure notification channels

## Security Considerations

- All approval decisions are logged for audit purposes
- Approvals can be revoked at any time
- Cross-tenant notifications are blocked by default
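Review bot: step 2 of the Approval Process does not require the reviewing admin to be a different principal from the requester, and "Cross-tenant notifications are blocked by default" implies an override whose owner and audit trail are unspecified; add that self-approval is rejected, that any cross-tenant exception is itself an approval decision covered by the same logging, and what happens to queued or scheduled notifications when an approval is revoked.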
22
docs/notifications/security/webhook-ack-hardening.md
Normal file
@@ -0,0 +1,22 @@
# Webhook Acknowledgment Hardening

This document describes the security measures for webhook acknowledgment validation.

## Overview

Webhook acknowledgment hardening ensures that webhook deliveries are properly verified and acknowledged.

## Security Measures

- HMAC signature verification for all webhook payloads
- Timeout handling for slow webhook endpoints
- Retry logic with exponential backoff
- Dead letter queue for failed deliveries

## Configuration

Webhook endpoints must be configured with:
- Secret key for HMAC signing
- Signature header name
- Timeout duration
- Maximum retry attempts
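Review bot: the HMAC bullet and the Configuration list cover signing but not replay protection or key rotation: the signed material should include a timestamp (or nonce) that the receiver checks against a tolerance window, and the configuration needs a way to accept two secrets while a key is rotated; add those two items under "Webhook endpoints must be configured with:", and note that the signature comparison must be constant-time. Also state whether payloads parked in the dead letter queue are stored after redaction, since the redaction catalog added in this same commit applies to notification payloads.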