Skip to content

Audit: fix additional API privacy, diagnostics, and startup consistency bugs #66

Description

@rolling-codes

Summary

Follow-up audit found additional non-critical bugs that should be tracked separately from the severe Backup API blockers in #65 and the main API/profile/library/export set in #64.

Each finding below includes a severity classification.

Findings

1. Medium: Backup list API exposes absolute backup file paths

Classification: Medium / privacy leak

GET /api/v1/backups returns BackupFileDto with FilePath: info.FullName.

Impact: Local API clients receive full absolute backup paths, exposing the user's filesystem layout. This is inconsistent with support-bundle sanitization work elsewhere.

Expected fix: return only FileName, size, and timestamps from the list endpoint. Resolve the absolute path server-side during restore/delete.


2. Low-medium: Patrol readiness RPH message is misleading for incomplete RPH installs

Classification: Low-medium / diagnostic accuracy

RPH presence is now determined by complete install state, but /api/v1/patrol-readiness reports only:

RAGEPluginHook.exe is missing — LSPDFR cannot launch.

If RAGEPluginHook.exe exists but RagePluginHook.dll is missing, the message points users to the wrong missing file.

Expected fix: change the blocking message to something like:

RAGE Plugin Hook install is incomplete — RAGEPluginHook.exe or RagePluginHook.dll is missing.

3. Low-medium: Local API /health returns hardcoded version 1.0

Classification: Low-medium / stale diagnostics

Program.cs maps /health to return version = "1.0".

Impact: diagnostics and support tools can show stale API version information even when project/assembly metadata changes.

Expected fix: read from assembly metadata, e.g.:

typeof(Program).Assembly.GetName().Version?.ToString(3)

4. Medium-high: Browse API executable naming is inconsistent with LocalApi project output

Classification: Medium-high / startup failure risk

BrowseApiServiceManager searches for LSPDFRManager.Api.exe, but the project is LSPDFRManager.LocalApi and the project file does not set <AssemblyName>LSPDFRManager.Api</AssemblyName>.

Impact: API auto-start can fail to locate the executable even when LocalApi is built correctly.

Expected fix: either:

  • update startup discovery to look for LSPDFRManager.LocalApi.exe, or
  • intentionally set <AssemblyName>LSPDFRManager.Api</AssemblyName> in LSPDFRManager.LocalApi.csproj.

5. Medium: Browse API base URL validation allows arbitrary absolute URLs

Classification: Medium / local proxy hardening

ConfigEndpoints.PutConfig validates BrowseApiBaseUrl only as an absolute URL. BrowseEndpoints later proxies search requests to that configured URL.

Impact: a local client can configure the app to proxy Browse API calls to arbitrary hosts. This is usually local-only, but it is unnecessary attack surface for a localhost manager API.

Expected fix: restrict BrowseApiBaseUrl to loopback HTTP origins, such as http://localhost:<port> or http://127.0.0.1:<port>.


6. Low-medium: BackupService records LastBackupDate using local time

Classification: Low-medium / scheduling drift

BackupService.CreateBackupAsync sets config.LastBackupDate = DateTime.Now, while scheduler logic elsewhere compares against UTC.

Impact: scheduled backup behavior can drift or appear inconsistent across time zones / DST transitions.

Expected fix: store UTC consistently, e.g. DateTime.UtcNow, and treat the config field as UTC.

Acceptance criteria

  • Backup list endpoint no longer returns absolute file paths.
  • Patrol readiness reports incomplete RPH install accurately when either RPH file is missing.
  • /health reports assembly/project version rather than hardcoded 1.0.
  • Browse API auto-start uses the actual LocalApi executable name or an explicit assembly name override.
  • Browse API base URL is restricted to loopback HTTP origins.
  • Backup timestamp storage uses UTC consistently.

Related issues

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions