Skip to content

Add audit logging for sec events#410

Merged
schiwekM merged 27 commits intomainfrom
add-audit-logging-for-sec-events
Mar 25, 2026
Merged

Add audit logging for sec events#410
schiwekM merged 27 commits intomainfrom
add-audit-logging-for-sec-events

Conversation

@schiwekM
Copy link
Copy Markdown
Contributor

@schiwekM schiwekM commented Mar 24, 2026
edited
Loading

Adding audit logging for sec events in case @cap-js/audit-logging is a dependency.

Depends on #404

ansgarlichter and others added 12 commits March 13, 2026 09:33
@ansgarlichter
feat: rejection events
99da2ad
@ansgarlichter
Merge branch 'main' into feat/emit-events-for-security-relevant-rejec…
d383bb0 
…tions
@ansgarlichter
feat: add acceptable media types to AttachmentUploadRejected event
c47b7d1
@ansgarlichter @schiwekM
refactor: await event
823a3e5 
Co-authored-by: Marten Schiwek <marten.schiwek@sap.com>
@ansgarlichter @schiwekM
refactor: await event
fae766f 
Co-authored-by: Marten Schiwek <marten.schiwek@sap.com>
@ansgarlichter @schiwekM
refactor: await event
94e633b 
Co-authored-by: Marten Schiwek <marten.schiwek@sap.com>
@ansgarlichter
fix: emit events inside cds.spawn to get consumers possibility to rea…
8f6dbe6 
…ct even if transaction is rolled back
@ansgarlichter
Merge branch 'feat/emit-events-for-security-relevant-rejections' of g…
698a554 
…ithub.com:ansgarlichter/attachments into feat/emit-events-for-security-relevant-rejections
@ansgarlichter
fix: linting
e8f3872
@KoblerS
Merge branch 'main' into feat/emit-events-for-security-relevant-rejec…
836c337 
…tions
@schiwekM
Adding audit-logging for sec events
0dcbfd6
@schiwekM
Formatting
d50c7be
hyperspace-insights[bot]
hyperspace-insights bot reviewed Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@hyperspace-insights hyperspace-insights bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR introduces audit logging for security events (download rejected, size exceeded, upload rejected) by emitting named events from the attachments service and registering a handler that forwards them to @cap-js/audit-logging when present. The overall approach is sound, but there are a few correctness issues: a no-op ?? undefined that fails to suppress falsy-but-non-nullish IP values, a missing return after req.reject that could cause fall-through in non-throwing mock contexts, and a partial fake req object passed to validateAttachmentMimeType that may throw if _attachments is absent on the entity definition.

PR Bot Information

Version: 1.19.1 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback

  • Event Trigger: pull_request.opened
  • LLM: anthropic--claude-4.6-sonnet
  • Correlation ID: 31682370-2763-11f1-925e-15752cecceb9

Comment thread srv/basic.js Outdated
Comment thread srv/basic.js Outdated
Comment thread lib/generic-handlers.js Outdated
Comment thread lib/generic-handlers.js
@schiwekM schiwekM requested a review from KoblerS March 24, 2026 09:24
@schiwekM schiwekM marked this pull request as ready for review March 24, 2026 11:55
@schiwekM schiwekM requested a review from a team as a code owner March 24, 2026 11:55
@hyperspace-insights
Copy link
Copy Markdown
Contributor

hyperspace-insights bot commented Mar 24, 2026

Summary

The following content is AI-generated and provides a summary of the pull request:

Add Audit Logging for Security Events

New Feature

✨ Introduces automatic audit logging for attachment security events when @cap-js/audit-logging is a dependency. Three new security events are now emitted and optionally forwarded to the audit log service: AttachmentDownloadRejected, AttachmentSizeExceeded, and AttachmentUploadRejected. Events are dispatched via cds.spawn to ensure they survive request transaction rollbacks.

Changes

  • README.md: Added documentation for the new audit logging feature, describing the three security events and how to register custom handlers for them.
  • lib/generic-handlers.js: Emits AttachmentDownloadRejected, AttachmentSizeExceeded, and AttachmentUploadRejected events (via cds.spawn) at the appropriate rejection points. Also converted validateAttachmentMimeType to an async function to support the new event emission.
  • lib/helper.js: Added hasAuditLogging() utility function that safely checks whether @cap-js/audit-logging is available at runtime, and exported it.
  • lib/plugin.js: Updated call to validateAttachmentMimeType to properly await the now-async function.
  • srv/basic.js: Registers handlers for the three security events on the AttachmentsService when @cap-js/audit-logging is present, forwarding them as SecurityEvent entries to the audit log service.
  • tests/incidents-app/package.json: Added @cap-js/audit-logging as a test dependency.
  • tests/unit/auditLogging.test.js: New test suite verifying that security events are correctly logged as SecurityEvent entries when audit logging is enabled, and that no handlers are registered when the dependency is absent.
  • tests/unit/rejectionEvents.test.js: New test suite covering emission of all three rejection events, error resilience, and the cds.spawn transaction isolation behavior.
  • tests/unit/validateAttachmentMimeType.test.js: Updated unit tests to properly await the now-async validateAttachmentMimeType function.
  • 🔄 Regenerate and Update Summary
  • ✏️ Insert as PR Description (deletes this comment)
  • 🗑️ Delete comment
PR Bot Information

Version: 1.19.1 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback

💌 Have ideas or want to contribute? Create an issue and share your thoughts with us!
📑 Check out the documentation for more information.
📬 Subscribe to the Hyperspace PR Bot DL to get the latest announcements and pilot features!

Made with ❤️ by Hyperspace.

hyperspace-insights[bot]
hyperspace-insights bot reviewed Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@hyperspace-insights hyperspace-insights bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR introduces useful audit logging for security events but has several correctness issues: the hasAuditLogging() check is fragile and should use cds.env.requires["audit-log"] instead, msg.data is mutated in-place risking corruption for downstream handlers, and the IP address is captured lazily inside cds.spawn callbacks where the socket may already be closed — it should be snapshotted synchronously before the spawn in all three event-emitting paths. The README code example also omits await on cds.connect.to.

PR Bot Information

Version: 1.19.1 | 📖 Documentation | 🚨 Create Incident | 💬 Feedback

  • Correlation ID: 5362aad0-2778-11f1-98c7-e76801f9f4e4
  • LLM: anthropic--claude-4.6-sonnet
  • Event Trigger: pull_request.ready_for_review

Comment thread srv/basic.js Outdated
Comment thread srv/basic.js Outdated
Comment thread lib/generic-handlers.js
Comment thread lib/generic-handlers.js
Comment thread lib/generic-handlers.js
Comment thread README.md
@schiwekM schiwekM requested a review from eric-pSAP March 24, 2026 16:07
KoblerS
KoblerS reviewed Mar 25, 2026
View reviewed changes
Comment thread README.md
@schiwekM schiwekM enabled auto-merge (squash) March 25, 2026 10:26
@schiwekM schiwekM disabled auto-merge March 25, 2026 10:26
@schiwekM schiwekM enabled auto-merge (squash) March 25, 2026 10:26
@schiwekM schiwekM merged commit c1973ca into main Mar 25, 2026
36 of 40 checks passed
@schiwekM schiwekM deleted the add-audit-logging-for-sec-events branch March 25, 2026 12:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hyperspace-insights hyperspace-insights[bot] hyperspace-insights[bot] left review comments

@KoblerS KoblerS KoblerS approved these changes

@eric-pSAP eric-pSAP eric-pSAP approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@schiwekM @KoblerS @eric-pSAP @ansgarlichter