🛡️ Sentinel: [CRITICAL] Fix hardcoded JWT secret fallback in templates#185
🛡️ Sentinel: [CRITICAL] Fix hardcoded JWT secret fallback in templates#185Tuntii wants to merge 1 commit into
Conversation
The `full.rs` code generation template in `cargo-rustapi` previously used `.unwrap_or_else()` to fall back to a hardcoded string ("dev-secret-change-in-production") if the `JWT_SECRET` environment variable was missing. This patch modifies the logic to use `.map_err()` to return a secure internal server error instead, ensuring applications generated from this template fail securely rather than silently adopting an insecure default secret.
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
There was a problem hiding this comment.
Pull request overview
This PR updates the cargo-rustapi “full” project template to avoid generating applications that can silently fall back to a known default JWT signing secret when JWT_SECRET is missing, instead returning an error.
Changes:
- Removed the hardcoded JWT secret fallback in the generated
loginhandler. - Converts a missing/invalid
JWT_SECRETinto anApiError::internal(...)error rather than continuing with an insecure secret.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| let jwt_secret = std::env::var("JWT_SECRET") | ||
| .unwrap_or_else(|_| "dev-secret-change-in-production".to_string()); | ||
| .map_err(|_| ApiError::internal("JWT_SECRET environment variable is not set"))?; |
🚨 Severity: CRITICAL
💡 Vulnerability: The
fullproject template incargo-rustapiprovided a hardcoded default string ("dev-secret-change-in-production") if theJWT_SECRETenvironment variable was missing.🎯 Impact: Applications generated from this template could be inadvertently deployed to production with a known, insecure default secret if the environment configuration was missed, leading to critical authentication bypasses.
🔧 Fix: Replaced
.unwrap_or_else()with.map_err(), returning anApiError::internal("JWT_SECRET environment variable is not set")when the secret is missing.✅ Verification: Verified by running
cargo checkandcargo test -p cargo-rustapito ensure no functionality is broken and templates are correctly generated.PR created automatically by Jules for task 3037792376267280363 started by @Tuntii