1.5 KiB
Sentinel's Journal
2026-02-07 - Telegram Bot Authorization Bypass
Vulnerability: The Telegram Deployment Bot (scripts/telegram_deploy_bot.py) contained a "Fail Open" vulnerability where omitting the TELEGRAM_ALLOWED_USER_IDS environment variable resulted in granting access to all Telegram users instead of none.
Learning: Security controls must default to deny (Fail Closed). Implicitly allowing access when configuration is missing creates silent vulnerabilities that are hard to detect until exploited.
Prevention: Ensure all authorization checks explicitly return False or throw an exception if the access control list is empty or undefined. Never default to True in security-critical paths.
2026-02-13 - [Documentation] Cloudflare Nameservers and Domain Unification
- Updated Cloudflare nameservers to daisy.ns.cloudflare.com and rocco.ns.cloudflare.com.
- Unified domain name to lengkundee01.org across CNAME and PWA documentation.
2026-02-18 - [Telegram Bot Async & Output Safety]
Vulnerability: Blocking I/O in async function (subprocess.run inside async def status) caused DoS by freezing the event loop. Also, unescaped command output injected into Telegram HTML messages (parse_mode='HTML') caused API errors and potential HTML injection.
Learning: subprocess.run is synchronous and blocks async applications. parse_mode='HTML' in Telegram requires escaping of special characters.
Prevention: Use asyncio.create_subprocess_exec for async subprocesses. Use html.escape() for dynamic content in HTML messages.