Skip to content

PR: Sub Issue 1 - Security hardening (SSL bypass fix, HTTP auth, HttpClient pooling)#311

Closed
JusterZhu wants to merge 1 commit into
masterfrom
feature/security-hardening
Closed

PR: Sub Issue 1 - Security hardening (SSL bypass fix, HTTP auth, HttpClient pooling)#311
JusterZhu wants to merge 1 commit into
masterfrom
feature/security-hardening

Conversation

@JusterZhu
Copy link
Copy Markdown
Collaborator

@JusterZhu JusterZhu commented May 23, 2026

Summary

Closes #308

Changes

  • Fix SSL bypass: Removed \CheckValidationResult\ returning always \ rue. Replaced with \StrictSslValidationPolicy\
  • \ISslValidationPolicy\ interface: Pluggable cert validation (users can implement custom policies like cert pinning)
  • \IHttpAuthProvider\ abstraction: 4 built-in implementations:
    • \BearerTokenAuthProvider\ — JWT/OAuth2
    • \ApiKeyAuthProvider\ — X-Api-Key header
    • \HmacAuthProvider\ — HMAC-SHA256 signing
    • \NoOpAuthProvider\ — no auth (default)
  • HttpClient pooling: Static singleton shared handler — eliminates port exhaustion
  • Retry logic: Exponential backoff (3 attempts) for transient failures
  • Backward compatible: All existing static API preserved

Build

✅ GeneralUpdate.Common — 0 errors
✅ GeneralUpdate.Core — 0 errors
✅ GeneralUpdate.ClientCore — 0 errors

@JusterZhu
feat(security): fix SSL bypass, add IHttpAuthProvider, HttpClient poo…
24a7cc2 
…ling

- Remove CheckValidationResult() returning always true
- Add StrictSslValidationPolicy (default: only accept valid certs)
- Add ISslValidationPolicy interface for pluggable cert validation
- Add IHttpAuthProvider abstraction with 4 implementations:
  BearerTokenAuthProvider, ApiKeyAuthProvider, HmacAuthProvider, NoOpAuthProvider
- Add HttpAuthProviderFactory for auto-selection
- Replace per-request new HttpClient() with static singleton shared handler
- Add exponential-backoff retry (3 attempts, 1s/2s/4s)
- Preserve backward-compatible static API surface

Closes #308
Copilot AI review requested due to automatic review settings May 23, 2026 23:23
@JusterZhu
Copy link
Copy Markdown
Collaborator Author

JusterZhu commented May 23, 2026

Closing: must execute Sub Issue 2 (merge projects) before Sub Issue 1 (security hardening). Will re-implement in unified Core.

@JusterZhu JusterZhu closed this May 23, 2026
@JusterZhu JusterZhu deleted the feature/security-hardening branch May 23, 2026 23:25
@JusterZhu JusterZhu review requested due to automatic review settings May 23, 2026 23:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Sub Issue 1: Security hardening - SSL bypass, HttpClient pooling, HTTP auth abstraction

1 participant

@JusterZhu