didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

PRD: Extended outbound DLP scan surfaces #205

Merged
didericis merged 7 commits from prd-0053-extended-outbound-scan into main 2026-06-07 23:24:04 -04:00
Conversation 0 Commits 7 Files Changed 6
+862 -25
didericis-claude commented 2026-06-06 13:41:21 -04:00
Collaborator
Copy Link
Copy Source

Closes #204.

PRD 0055

Summary

The outbound DLP scan (PRD 0052) only covers the request body and the Authorization header. This PR extends it to four additional surfaces:

  • All request headers — any header can carry a smuggled credential (e.g. X-Api-Key, Cookie).
  • URL query parameters — e.g. ?api_key=<secret>.
  • URL path segments — e.g. /proxy/<base64-encoded-secret>/endpoint.
  • DNS-level hostname — DNS tunnelling where the secret is encoded in a subdomain label.

A new pure helper build_outbound_scan_text(host, path, query, headers, body) in egress_addon_core.py assembles the scan corpus, keeping the logic unit-testable without mitmproxy. egress_addon.py is updated to call it; the auth-strip ordering invariant from PRD 0052 is preserved.

Closes #204. [PRD 0055](https://gitea.dideric.is/didericis/bot-bottle/src/commit/83a8b6f411e69e5315362dc5a5ec0f8c8c0d1cbb/docs/prds/0055-extended-outbound-scan.md) ## Summary The outbound DLP scan (PRD 0052) only covers the request body and the `Authorization` header. This PR extends it to four additional surfaces: - **All request headers** — any header can carry a smuggled credential (e.g. `X-Api-Key`, `Cookie`). - **URL query parameters** — e.g. `?api_key=<secret>`. - **URL path segments** — e.g. `/proxy/<base64-encoded-secret>/endpoint`. - **DNS-level hostname** — DNS tunnelling where the secret is encoded in a subdomain label. A new pure helper `build_outbound_scan_text(host, path, query, headers, body)` in `egress_addon_core.py` assembles the scan corpus, keeping the logic unit-testable without mitmproxy. `egress_addon.py` is updated to call it; the auth-strip ordering invariant from PRD 0052 is preserved.
didericis-claude changed title from PRD 0053: Extended outbound DLP scan surfaces to PRD 0055: Extended outbound DLP scan surfaces 2026-06-06 16:49:01 -04:00
didericis-claude changed title from PRD 0055: Extended outbound DLP scan surfaces to PRD: Extended outbound DLP scan surfaces 2026-06-06 22:10:42 -04:00
didericis force-pushed prd-0053-extended-outbound-scan from 10236528d2 to bf8eeb8d3d 2026-06-07 22:42:35 -04:00 Compare
didericis added 7 commits 2026-06-07 23:19:16 -04:00
docs(prd): PRD 0053 extended outbound DLP scan surfaces 2c51bc47e8
feat(egress): extend outbound DLP scan to headers, query params, path, and hostname (PRD 0053) b1283a0e7b
fix(types): resolve pyright errors in test_egress_addon_core 76e38b24e6
feat(dlp): websocket scanning, response headers, extended encoding variants, sk-proj pattern (PRD 0053) 1ecef55fea
feat(dlp): add 7 token patterns, Unicode normalization, CRLF injection detection (PRD 0053) 451e6fc2fc 
Token patterns: HuggingFace (hf_), Databricks (dapi), Slack (xox[baprs]-),
npm (npm_), SendGrid (SG.x.y), PyPI (pypi-), HashiCorp Vault (hvs.).

Unicode normalization (_normalize_text) applies NFKD + strips combining
marks and control chars before pattern matching, defeating fullwidth-char
and combining-mark evasion.

CRLF injection (scan_crlf_injection) detects %0d%0a in URLs and literal
\r\n header-injection patterns; runs unconditionally in scan_outbound
regardless of outbound_detectors config.
docs(prd): renumber PRD 0053 → 0055 (0053 slot claimed by user-provider-plugins) 11a8f3ba99
ci(prd): rename PRD to prd-new placeholder per new convention
test / unit (pull_request) Successful in 37s
Details
test / integration (pull_request) Successful in 49s
Details
lint / lint (push) Successful in 1m30s
Details
prd-number / assign-numbers (push) Successful in 32s
Details
test / unit (push) Successful in 31s
Details
test / integration (push) Successful in 42s
Details
Update Quality Badges / update-badges (push) Successful in 1m11s
Details
652c8cb5a7
didericis force-pushed prd-0053-extended-outbound-scan from bf8eeb8d3d to 652c8cb5a7 2026-06-07 23:19:16 -04:00 Compare
didericis merged commit 652c8cb5a7 into main 2026-06-07 23:24:04 -04:00
didericis deleted branch prd-0053-extended-outbound-scan 2026-06-07 23:24:05 -04:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: didericis/bot-bottle#205
Delete Branch "prd-0053-extended-outbound-scan"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?