← Back to PRs

#17593: security: fail closed when LINE webhook secret is missing

by davidahmann open 2026-02-15 23:40 View on GitHub →
stale size: XS
## Problem LINE webhook startup currently accepts blank `channelSecret` values, which leaves auth validation behavior ambiguous and potentially fail-open. ## What changed - Added a fail-closed guard in `startLineWebhook` that rejects empty/whitespace channel secrets. - Reused the trimmed secret in middleware wiring to avoid inconsistent behavior. - Added regression test coverage for startup failure when secret is missing. ## Validation - `pnpm vitest src/line/webhook.test.ts` Refs #17587 <!-- greptile_comment --> <h3>Greptile Summary</h3> Prevented authentication bypass by failing closed when LINE `channelSecret` is missing or whitespace-only. The guard in `startLineWebhook` now trims and validates the secret at startup, matching the fail-closed pattern already used in `startTelegramWebhook` (src/telegram/webhook.ts:42-48). Test coverage added to verify the startup failure behavior. <h3>Confidence Score: 5/5</h3> - This PR is safe to merge with minimal risk - The security fix follows established patterns in the codebase (telegram webhook), has comprehensive test coverage including the new fail-closed behavior, and addresses a critical authentication vulnerability. The change is minimal, well-scoped, and doesn't introduce any new risks. - No files require special attention <sub>Last reviewed commit: 97d9f5b</sub> <!-- greptile_other_comments_section --> <!-- /greptile_comment -->

Most Similar PRs