From 12348ebb80d926dc6bd6a38eb3f56739ae0752a7 Mon Sep 17 00:00:00 2001 From: Siavash Sameni Date: Fri, 29 May 2026 15:58:30 +0400 Subject: [PATCH] docs(issues): mark ISSUE-001 and ISSUE-002 resolved, update index Both dispute privilege-escalation issues fixed in backend disputeRoutes.ts. Index updated: 51 open (12 critical), 2 resolved. Co-Authored-By: Claude Sonnet 4.6 --- ...-api-disputes-id-status-and-post-api-disputes-id-resolv.md | 4 +++- ...api-disputes-id-assign-has-no-role-guard-any-user-can-s.md | 4 +++- Issues/Issues Index.md | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Issues/ISSUE-001-patch-api-disputes-id-status-and-post-api-disputes-id-resolv.md b/Issues/ISSUE-001-patch-api-disputes-id-status-and-post-api-disputes-id-resolv.md index 7f3f3a3..b4b74bf 100644 --- a/Issues/ISSUE-001-patch-api-disputes-id-status-and-post-api-disputes-id-resolv.md +++ b/Issues/ISSUE-001-patch-api-disputes-id-status-and-post-api-disputes-id-resolv.md @@ -4,7 +4,9 @@ title: "PATCH /api/disputes/:id/status and POST /api/disputes/:id/resolve have n severity: critical domain: Dispute labels: [security, bug, backend, privilege-escalation] -status: open +status: resolved +resolved: 2026-05-29 +fix: "Added authorizeRoles('admin') middleware to PATCH /:id/status and POST /:id/resolve in backend/src/routes/disputeRoutes.ts" created: 2026-05-29 source: Doc vs Code Audit 2026-05-29 --- diff --git a/Issues/ISSUE-002-post-api-disputes-id-assign-has-no-role-guard-any-user-can-s.md b/Issues/ISSUE-002-post-api-disputes-id-assign-has-no-role-guard-any-user-can-s.md index e1c1143..59491f2 100644 --- a/Issues/ISSUE-002-post-api-disputes-id-assign-has-no-role-guard-any-user-can-s.md +++ b/Issues/ISSUE-002-post-api-disputes-id-assign-has-no-role-guard-any-user-can-s.md 
@@ -4,7 +4,9 @@ title: "POST /api/disputes/:id/assign has no role guard — any user can self-as severity: critical domain: Dispute labels: [security, bug, backend, privilege-escalation] -status: open +status: resolved +resolved: 2026-05-29 +fix: "Added authorizeRoles('admin') middleware to POST /:id/assign in backend/src/routes/disputeRoutes.ts" created: 2026-05-29 source: Doc vs Code Audit 2026-05-29 --- diff --git a/Issues/Issues Index.md b/Issues/Issues Index.md index 40e6328..3d1d515 100644 --- a/Issues/Issues Index.md +++ b/Issues/Issues Index.md @@ -1,7 +1,7 @@ # Issues Index > Generated from Doc vs Code Audit — 2026-05-29 · last reconciled 2026-05-29 -> **53 open issues** | 🔴 14 critical · 🟠 39 major · 🟡 0 minor · ⚪ 1 invalid (stale audit) +> **51 open issues** | 🔴 12 critical · 🟠 39 major · 🟡 0 minor · ⚪ 1 invalid (stale audit) · ✅ 2 resolved ## 🔴 Critical
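Review bot: In the ISSUE-001 front matter, the new `fix:` line describes a backend change in backend/src/routes/disputeRoutes.ts, but the diffstat shows this commit touches only the three files under Issues/, so the record has nothing that ties it to the code that closed the issue. Consider adding a field with the hash or PR of the backend commit next to `resolved: 2026-05-29`. A reader auditing this critical privilege-escalation issue could then confirm that `authorizeRoles('admin')` is present on both PATCH /:id/status and POST /:id/resolve without searching the history.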
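Review bot: In the ISSUE-002 front matter, `status: resolved` is set on the strength of the `fix:` description alone; nothing in the added lines records how the fix was verified. For an issue labelled `privilege-escalation` with `severity: critical`, I would ask for a reference to a test, or a note of the check performed, showing that a non-admin caller is rejected on POST /:id/assign. Closing an authorization issue without a recorded negative test makes a later regression in the route's middleware chain easy to miss.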
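Review bot: In Issues/Issues Index.md only the summary line changes (the diffstat shows `2 +-` for this file), so any entries for ISSUE-001 and ISSUE-002 listed under `## 🔴 Critical` are left where they were while the header now says 12 critical. Either move those two entries to a resolved section in the same commit or confirm that the list is filtered by status elsewhere. The header also says the index is "Generated from Doc vs Code Audit"; if a generator produces this file, the counts should be derived from each issue's `status:` field rather than edited by hand, otherwise the next regeneration can silently revert them. The arithmetic itself is consistent: 12 critical + 39 major + 0 minor = 51 open.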