We actively support and provide security updates for the following versions of LeetPush:

| Version | Supported |
|---|---|
| 0.x.x | β |

We take the security of LeetPush seriously. If you believe you have found a security vulnerability, please report it to us as described below.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report them via:
- Email: security@leetpush.com (preferred)
- GitHub Security Advisories: Create a security advisory
- Direct Message: Contact maintainers on GitHub
Please include the following information in your report:
- Description: A clear description of the vulnerability
- Impact: The potential impact of the vulnerability
- Steps to Reproduce: Detailed steps to reproduce the issue
- Proof of Concept: If possible, provide a minimal example
- Environment: Browser version, OS, extension version
- Severity: Your assessment of the severity level
We will respond to security reports as follows:
- Acknowledgment: Within 24 hours
- Initial Assessment: Within 72 hours
- Status Update: Weekly until resolution
- Security Fix: Target within 7-14 days for critical issues
- Manifest V3: Uses the latest Chrome extension security model
- Content Security Policy: Strict CSP prevents code injection
- Permissions: Minimal required permissions only
- Origin Restrictions: Limited to necessary domains
- OAuth 2.0: Secure GitHub authentication flow
- Token Storage: Encrypted local storage
- Token Expiration: Automatic token refresh
- Scope Limitation: Minimal required GitHub permissions
- Local Storage: Sensitive data stored locally only
- No Data Collection: We don't collect personal data
- Encrypted Communication: HTTPS for all API calls
- No Third-Party Analytics: Privacy-focused approach
- Dependency Scanning: Regular security audits
- Input Validation: All user inputs are validated
- XSS Protection: Proper content sanitization
- CSRF Protection: Token-based request validation
- Keep Updated: Always use the latest version
- Review Permissions: Check extension permissions regularly
- Secure GitHub: Use strong passwords and 2FA
- Monitor Activity: Review GitHub activity logs
- Report Issues: Report suspicious behavior immediately
- Secure Coding: Follow security best practices
- Code Review: All changes require review
- Dependency Updates: Keep dependencies current
- Testing: Include security testing in CI/CD
- Documentation: Document security considerations
- Storage: Tokens are stored in Chrome's encrypted storage
- Transmission: Only sent over HTTPS to GitHub API
- Scope: Limited to repository read/write permissions
- Expiration: Tokens automatically refresh when needed
- CSRF Tokens: Used for authenticated requests
- Content Scripts: Minimal permissions on LeetCode domain
- Data Extraction: Only submission data is accessed
- No Credentials: We never access LeetCode passwords
- Sandboxing: Extension runs in isolated environment
- Permission Model: Explicit permission requests
- Update Mechanism: Automatic security updates
- Code Signing: Extension is cryptographically signed
- Input validation implemented
- Output encoding applied
- Authentication properly handled
- Authorization checks in place
- Error handling doesn't leak information
- Dependencies are up to date
- Security tests written
- Code reviewed by multiple developers
- Production build created
- Security headers configured
- Monitoring and logging enabled
- Backup and recovery tested
- Incident response plan ready
- None: We do not collect any personal data
- Local Only: All data stays on your device
- No Tracking: No analytics or tracking scripts
- No Telemetry: No usage data transmitted
- GitHub: Repository information (with your permission)
- LeetCode: Submission data (locally processed)
- Chrome Storage: Extension settings and tokens
- Nothing: We never share your data with third parties
- GitHub Only: Code is pushed directly to your repositories
- Open Source: Our code is publicly auditable
For security-related questions or concerns:
- Security Email: jasvindersingh3593@gmail.com
- General Contact: jasvindersingh3593@gmail.com
- GitHub Issues: For non-security bugs only
- Discussions: For general questions
We recognize and thank security researchers who help improve LeetPush:
No vulnerabilities reported yet - be the first!
Last Updated: June 25, 2025
Version: 1.0
This security policy is subject to change. Please check back regularly for updates.