sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4748368809c9e27e8ef4ecd462a5ec4a9d75adb1
orion/.security-rules/data_protection.yaml
Samir Boulahtit 26b3dc9e3b feat: add unified code quality dashboard with multiple validators 
- Add validator_type field to scans and violations (architecture,
  security, performance)
- Create security validator with SEC-xxx rules
- Create performance validator with PERF-xxx rules
- Add base validator class for shared functionality
- Add validate_all.py script to run all validators
- Update code quality service with validator type filtering
- Add validator type tabs to dashboard UI
- Add validator type filter to violations list
- Update stats response with per-validator breakdown
- Add security and performance rules documentation
- Add chat-bubble icons to icon library

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-21 20:57:47 +01:00

68 lines
1.7 KiB
YAML
Raw Blame History

# Data Protection Rules
# =====================
data_protection_rules:
- id: SEC-021
name: PII logging prevention
severity: error
description: >
Never log passwords, tokens, credit cards, or sensitive PII.
- id: SEC-022
name: Sensitive data in URLs
severity: error
description: >
Sensitive data should not appear in URL query parameters.
Use POST body or headers instead.
- id: SEC-023
name: Mass assignment prevention
severity: warning
description: >
Use explicit field assignment, not **kwargs from user input.
- id: SEC-024
name: Error message information leakage
severity: error
description: >
Error messages should not reveal internal details.
No stack traces to users.
- id: SEC-025
name: Secure cookie settings
severity: error
description: >
Cookies must have Secure, HttpOnly, SameSite attributes.
- id: SEC-026
name: Encryption for sensitive data at rest
severity: info
description: >
Consider encrypting sensitive data stored in the database.
- id: SEC-027
name: Data retention limits
severity: info
description: >
Implement data retention policies.
- id: SEC-028
name: Response data filtering
severity: warning
description: >
API responses should not include sensitive internal fields.
Use Pydantic response models.
- id: SEC-029
name: File upload validation
severity: error
description: >
Validate uploaded files by extension AND content type.
Limit file size.
- id: SEC-030
name: Backup encryption
severity: info
description: >
Database backups should be encrypted.
Reference in New Issue View Git Blame Copy Permalink