feat: Refactor rides app with unique constraints, mixins, and enhanced documentation

- Added migration to convert unique_together constraints to UniqueConstraint for RideModel.
- Introduced RideFormMixin for handling entity suggestions in ride forms.
- Created comprehensive code standards documentation outlining formatting, docstring requirements, complexity guidelines, and testing requirements.
- Established error handling guidelines with a structured exception hierarchy and best practices for API and view error handling.
- Documented view pattern guidelines, emphasizing the use of CBVs, FBVs, and ViewSets with examples.
- Implemented a benchmarking script for query performance analysis and optimization.
- Developed security documentation detailing measures, configurations, and a security checklist.
- Compiled a database optimization guide covering indexing strategies, query optimization patterns, and computed fields.
pacnpal
2025-12-22 11:17:31 -05:00
parent 45d97b6e68
commit 2e35f8c5d9
71 changed files with 8036 additions and 1462 deletions

docs/SECURITY_CHECKLIST.md Normal file

@@ -0,0 +1,155 @@
# ThrillWiki Security Checklist
Use this checklist for code reviews and pre-deployment verification.
## Pre-Deployment Checklist
### Django Settings
- [ ] `DEBUG = False`
- [ ] `SECRET_KEY` is unique and strong (50+ characters)
- [ ] `ALLOWED_HOSTS` is configured (no wildcards)
- [ ] `CSRF_TRUSTED_ORIGINS` is configured
- [ ] `SECURE_SSL_REDIRECT = True`
- [ ] `SECURE_HSTS_SECONDS >= 31536000` (1 year)
- [ ] `SECURE_HSTS_INCLUDE_SUBDOMAINS = True`
- [ ] `SECURE_HSTS_PRELOAD = True`
### Cookie Security
- [ ] `SESSION_COOKIE_SECURE = True`
- [ ] `SESSION_COOKIE_HTTPONLY = True`
- [ ] `SESSION_COOKIE_SAMESITE = 'Strict'`
- [ ] `CSRF_COOKIE_SECURE = True`
- [ ] `CSRF_COOKIE_SAMESITE = 'Strict'`
### Database
- [ ] Database password is strong
- [ ] Database connection uses SSL
- [ ] Database user has minimal required permissions
- [ ] No raw SQL with user input
### Environment
- [ ] Environment variables are used for secrets
- [ ] No secrets in version control
- [ ] `.env` file is in `.gitignore`
- [ ] Production logs don't contain sensitive data
## Code Review Checklist
### Input Validation
- [ ] All user input is validated
- [ ] File uploads use `validate_image_upload()`
- [ ] User-generated HTML uses `|sanitize` filter
- [ ] URLs are validated with `sanitize_url()`
- [ ] Form data uses Django forms/serializers
### Output Encoding
- [ ] No `|safe` filter on user-controlled content
- [ ] JSON data uses `json_script` tag
- [ ] JavaScript strings use `escapejs` filter
- [ ] SVG icons use `|sanitize_svg` filter
### Authentication
- [ ] Sensitive views require `@login_required`
- [ ] API views have appropriate `permission_classes`
- [ ] Password changes invalidate sessions
- [ ] Rate limiting on auth endpoints
### Authorization
- [ ] Object-level permissions checked
- [ ] Users can only access their own data
- [ ] Admin actions require proper permissions
- [ ] No privilege escalation paths
### Data Protection
- [ ] Sensitive data not logged
- [ ] PII masked in logs
- [ ] Error messages don't expose internals
- [ ] Secure deletion of sensitive data
### CSRF
- [ ] All forms include `{% csrf_token %}`
- [ ] AJAX requests include CSRF header
- [ ] CSRF exemptions are documented and justified
### SQL Injection
- [ ] No raw SQL with user input
- [ ] No `.extra()` with user input
- [ ] Parameterized queries for raw SQL
- [ ] Django ORM used for queries
## Incident Response
### If a Vulnerability is Found
1. [ ] Document the vulnerability
2. [ ] Assess impact and affected users
3. [ ] Develop and test a fix
4. [ ] Deploy fix to production
5. [ ] Notify affected users if needed
6. [ ] Post-mortem analysis
### If a Breach is Suspected
1. [ ] Isolate affected systems
2. [ ] Preserve logs and evidence
3. [ ] Notify relevant parties
4. [ ] Investigate scope
5. [ ] Remediate and restore
6. [ ] Document lessons learned
## Regular Security Tasks
### Weekly
- [ ] Review error logs for anomalies
- [ ] Check rate limiting effectiveness
- [ ] Monitor failed login attempts
### Monthly
- [ ] Run `python manage.py security_audit`
- [ ] Review and update dependencies
- [ ] Check for security advisories
### Quarterly
- [ ] Full security review
- [ ] Penetration testing
- [ ] Update security documentation
- [ ] Review and rotate secrets
## Security Tools
### Recommended Tools
- **OWASP ZAP**: Web application scanner
- **bandit**: Python security linter
- **safety**: Python dependency checker
- **pip-audit**: Vulnerability scanner for Python packages
### Running Security Scans
```bash
# Run Django security check
python manage.py check --tag=security
# Run security audit
python manage.py security_audit --verbose
# Check for vulnerable dependencies
pip-audit
# Run Python security linter
bandit -r backend/
```
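Review bot: the SQL Injection section contradicts itself and overlaps the Database section: "No raw SQL with user input" appears under both Database and SQL Injection, while "Parameterized queries for raw SQL" two items later assumes raw SQL with user input does occur. Replace the three overlapping items with one unambiguous rule, for example "Raw SQL (`.raw()`, `cursor.execute()`) only with parameterized placeholders, never string formatting or f-strings", and drop the duplicate under Database. The Input Validation and Output Encoding items name project helpers (`validate_image_upload()`, `sanitize_url()`, `|sanitize`, `|sanitize_svg`) and the `security_audit` management command without saying where they are defined; a reviewer cannot confirm a call site uses the right helper if the checklist does not point to it, so add the module path or a link to the relevant docs page next to each. One caveat for the Cookie Security section: `SESSION_COOKIE_SAMESITE = 'Strict'` means the browser withholds the session cookie on every cross-site request, including top-level navigations that arrive from another site, so if the app supports OAuth or social login callbacks, or expects users following external links to land already logged in, that flow needs testing before 'Strict' is treated as a hard requirement (Django's default is `'Lax'`, and the `SESSION_COOKIE_HTTPONLY` and `CSRF_COOKIE_SECURE` items remain correct either way).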