- Removed reliance on window.DEBUG_MODE and window.DISABLE_* flags.
- Configuration is now passed via constructor instead of global variables.
- Exposed API remains on `window.secureBitChat`, but without backup globals or hidden toggles.
- Consolidated multiple setInterval tasks into a single scheduler to reduce attack surface.
- Added strict limits for IV history and log storage to prevent memory exhaustion.
- Improved XSS hardening: no more global switches to disable security features.
- Removed unsafe exposure of internal objects:
• deleted all references to `window.fileTransferSystem`
• unified global API setup to a single immutable `safeGlobalAPI` via Object.freeze
• removed legacy branch with `delete window[name]`
- Logging improvements:
• eliminated all direct `console.*` calls (use `_secureLog` exclusively)
• fixed string templates with proper interpolation (``${var}``)
• prevented accidental fallback to raw console in production
- Cryptography enforcement:
• updated `_validateCryptographicSecurity()` to require ECDSA and PFS
• added emergency shutdown if critical crypto features are missing
• ensured consistent feature enabling for production
- Metadata of extracted keys is now marked encrypted: true
- Removed decryption bypass via _keyReferences, all keys are returned via decrypt
- Nested encryption uses random 96-bit IV instead of single byte increment
- Fixed _secureLogShim: correct argument destructuring (...args)
- Removed busy-wait in forceInitializeFileTransfer, replaced with async wait
- Replace unsafe console.error/warn calls with secure logging system
- Implement production-safe logging that masks sensitive data
- Add automatic sanitization for cryptographic keys and sensitive information
- Create secure logging infrastructure for EnhancedSecureWebRTCManager and EnhancedSecureCryptoUtils
- Prevent data leakage of internal logic and error details in production
- Add production/development mode detection for appropriate logging levels
- Implement server-side error logging for production environments
- Replace unsafe console.error/warn calls with secure logging system
- Implement production-safe logging that masks sensitive data
- Add automatic sanitization for cryptographic keys and sensitive information
- Create secure logging infrastructure for EnhancedSecureWebRTCManager and EnhancedSecureCryptoUtils
- Prevent data leakage of internal logic and error details in production
- Add production/development mode detection for appropriate logging levels
- Implement server-side error logging for production environments
BREAKING CHANGE: Enhanced key validation now performs complete ASN.1 parsing
Security improvements:
- Added complete ASN.1 DER parser for full structure validation
- Implemented OID validation for algorithms and curves (P-256/P-384 only)
- Added EC point format verification (uncompressed format 0x04)
- Validate SPKI structure elements count and types
- Check key size limits to prevent DoS attacks (50-2000 bytes)
- Verify unused bits in BIT STRING (must be 0)
- Added fallback support from P-384 to P-256
This fixes high-risk vulnerability where keys with valid headers but
modified data could be accepted. Now all structural elements are validated
according to PKCS standards.
Affected methods:
- validateKeyStructure() - complete rewrite with ASN.1 parsing
- All key import/export methods now use enhanced validation
Security Enhancements:
- Add salt entropy validation (minimum 16 unique bytes for 64-byte salts)
- Expand secure logging patterns to catch more sensitive data types
(fingerprint, mac, hash patterns)
- Implement random timing delays in verifyAuthProof() to mask execution timing
- Revert sanitizeMessage() to working regex-based approach
Validation Improvements:
- validateSalt() now checks both size and entropy quality
- secureLog.sanitizeContext() enhanced with additional sensitive patterns
- Added timing attack protection with 5-25ms random delays
- Improve installation status detection logic
- Add proper DOM cleanup when PWA is installed
- Enhance monitoring for installation state changes
- Fix shouldShowPrompt() logic to always check current status
- Add forceInstallationCheck() method for manual status updates
- Improve installation status detection logic
- Add proper DOM cleanup when PWA is installed
- Enhance monitoring for installation state changes
- Fix shouldShowPrompt() logic to always check current status
- Add forceInstallationCheck() method for manual status updates
- Eliminated unsafe global state (window.*)
- Added DoS protection with MessageSizeValidator
- Added race condition prevention with AtomicOperations
- Added rate limiting (10 files/minute)
- Added secure memory management with SecureMemoryManager
- Wrapped handleFileChunk in atomic operations
- Updated all methods with security enhancements
- New users now see install prompt automatically after 10 seconds
- Smart cancellation prevents duplicate prompts
- Added PWAUtils methods for delayed prompt management
- Enhanced user onboarding experience
- Respects installation status and user preferences
- Add production mode detection and secure logging system
- Replace console.log with _secureLog() that sanitizes sensitive data
- Hide encryption keys, message content, and security details from logs
- Implement log level control (production: warn+error only, dev: debug+)
- Add data sanitization for keys, tokens, buffers, and sensitive strings
- Prevent log spam with automatic rate limiting and cleanup
- Maintain useful debugging info while protecting user privacy
- Add automatic memory cleanup for log counters
Security Impact: HIGH - Prevents sensitive data exposure through browser console
Changes:
- Production: Only critical errors/warnings logged
- Development: Safe debugging info without sensitive content
- All message content, encryption keys, and tokens are now sanitized
- Automatic detection of production vs development environment
- Remove dangerous global window exposure of encryption keys and manager instance
- Replace window.webrtcManager/globalWebRTCManager with secure limited API
- Add window.secureBitChat with validated public methods only
- Implement automatic monitoring for unauthorized global exposure attempts
- Add security integrity checks and emergency shutdown capability
- Prevent access to sensitive data (encryption keys, session data, internal methods)
- Maintain full functionality while securing internal implementation
BREAKING CHANGE: window.webrtcManager is no longer available
MIGRATION: Use window.secureBitChat.sendMessage() instead of window.webrtcManager.sendMessage()
Security Impact: CRITICAL - Prevents XSS attacks from accessing encryption keys
Tested: All functionality preserved, file transfers working, connections stable
- File Transfer Integration: Refactored file transfer system initialization with better error handling and automatic retry mechanisms
- Message Filtering: Added comprehensive message filtering system to prevent file transfer and system messages from appearing in chat UI
- Callback System: Simplified file transfer callback system - removed progress notifications from chat to reduce noise
- System Message Deduplication: Implemented notification flags to prevent duplicate system messages (verification, security upgrades, etc.)
- Error Handling: Enhanced error handling with graceful fallbacks instead of throwing exceptions that could break connections
- UI Message Delivery: Added `deliverMessageToUI()` method with built-in filtering for system/file messages
- DataChannel Event Handling: Improved onmessage handler with early filtering for file transfer messages
- Global Integration: Better integration with global file transfer system (`window.fileTransferSystem`)
- Connection Stability: Removed aggressive reconnection attempts that could cause session closure
- Debug Logging: Enhanced debug logging for better troubleshooting
- File transfer messages now bypass chat UI entirely
- System messages are deduplicated using internal flags
- Better separation of concerns between WebRTC and file transfer systems
- More robust initialization sequence with proper cleanup
- Improved message routing and processing pipeline
- Fixed duplicate system notifications
- Resolved file transfer message leakage into chat
- Improved connection state management
- Better handling of initialization race conditions
- Reworked the core logic for encrypting and decrypting files exchanged between users
- Improved key derivation and session handling for file chunks
- Enhanced integrity checks to prevent tampering and replay attacks
- Work in progress: adding hardened encryption schemes and conducting fault-tolerance testing
Added an early implementation of secure file transfer using chunk-based encryption.
Files are split into encrypted chunks and transmitted over the chat channel.
This feature is still under active development and requires further changes and testing.
- Added a real verification system for active encryption modules, giving users full control over enabled modules.
- During session purchase or activation, the actual enabled modules are now displayed for both free and paid sessions.
- Refactored session timer initialization for proper functionality and accurate countdown.
- Optimized code structure related to session management and module verification.
