fix: add WhatsApp webhook signature verification (X-Hub-Signature-256)
Closes #51 - Add HMAC-SHA256 signature verification for WhatsApp webhooks - Prevents message spoofing attacks (CWE-345) - Add whatsapp_app_secret config field with ZEROCLAW_WHATSAPP_APP_SECRET env override - Add 13 comprehensive unit tests Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Argenis
GitHub
parent
026a917544
commit
5cc02c5813
13 changed files with 453 additions and 17 deletions
18
Cargo.lock
generated
18
Cargo.lock
generated
|
|
@ -396,6 +396,7 @@ checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
|
|||
dependencies = [
|
||||
"block-buffer",
|
||||
"crypto-common",
|
||||
"subtle",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
|
@ -644,6 +645,21 @@ version = "0.5.0"
|
|||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
|
||||
|
||||
[[package]]
|
||||
name = "hex"
|
||||
version = "0.4.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
|
||||
|
||||
[[package]]
|
||||
name = "hmac"
|
||||
version = "0.12.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
|
||||
dependencies = [
|
||||
"digest",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "hostname"
|
||||
version = "0.4.2"
|
||||
|
|
@ -2553,6 +2569,8 @@ dependencies = [
|
|||
"dialoguer",
|
||||
"directories",
|
||||
"futures-util",
|
||||
"hex",
|
||||
"hmac",
|
||||
"hostname",
|
||||
"http-body-util",
|
||||
"reqwest",
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue