feat: expand dangerous ports database (CouchDB, Elasticsearch, InfluxDB)

[Copilot]

The dangerous ports blocklist was missing several common database ports that could be exploited for data exfiltration.

Added Ports

• CouchDB: 5984, 6984 (SSL)
• Elasticsearch: 9200 (HTTP), 9300 (transport)
• InfluxDB: 8086 (HTTP), 8088 (RPC)

Changes

• Extended DANGEROUS_PORTS array in src/squid-config.ts
• Added unit tests for each new port
• Updated existing tests using port ranges that now overlap with blocked ports (e.g., 8000-8100 → 7000-7100)

Attempting to allow these ports now throws:

Error: Port 9200 is blocked for security reasons. 
Dangerous ports (SSH:22, MySQL:3306, PostgreSQL:5432, etc.) cannot be allowed even with --allow-host-ports.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[Security] Expand dangerous ports database (CouchDB, Elasticsearch, InfluxDB)</issue_title>
<issue_description>## Priority
Medium

Description

The current dangerous ports list is incomplete. It's missing several common database and service ports that could be used for data exfiltration or unauthorized access.

Missing Ports

• CouchDB: 5984, 6984
• Elasticsearch: 9200, 9300
• InfluxDB: 8086, 8088

Impact

• Severity: Medium
• Attack Vector: Data exfiltration through unblocked database ports
• Risk: Unauthorized access to databases, information disclosure

Proposed Solution

Expand the dangerous ports list in the firewall configuration to include these additional database ports.

Effort Estimate

~2 hours

References

• Source: Daily Security Review Discussion [Security Review] Daily Security Review - January 16, 2026 #228
• Location: Port filtering implementation</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes [Security] Expand dangerous ports database (CouchDB, Elasticsearch, InfluxDB) #248

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[github-actions]

✅ Coverage Check Passed

Overall Coverage

Metric	Base	PR	Delta
Lines	77.19%	77.19%	➡️ +0.00%
Statements	77.27%	77.27%	➡️ +0.00%
Functions	77.17%	77.17%	➡️ +0.00%
Branches	69.76%	69.76%	➡️ +0.00%

---

Coverage comparison generated by scripts/ci/compare-coverage.ts

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

[github-actions]

Smoke Test Results - Claude Sonnet 4.5

PRs: chore(deps): bump the github-actions group with 8 updates, chore(deps): bump astral-sh/setup-uv from e58605a to d4b2f3b
GitHub MCP: ✅
Playwright: ✅ (title: "GitHub · Change is constant. GitHub keeps you ahead. · GitHub")
File Write: ✅
Bash: ✅

Status: PASS

AI generated by Smoke Claude

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• chore: delete existing firewall tests and migrate smoke tests #229: chore: delete existing firewall tests and migrate smoke tests
• feat(ci): add coverage regression detection #244: feat(ci): add coverage regression detection

Test Results:

• ✅ GitHub MCP Testing
• ❌ Playwright Testing (module installation failed in firewall environment)
• ✅ File Writing Testing
• ✅ Bash Tool Testing

Overall Status: FAIL (Playwright test failed)

cc: @Mossaka @copilot

AI generated by Smoke Copilot

[github-actions]

🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation...

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• chore: remove smoke-codex workflow due to missing key #291: chore: remove smoke-codex workflow due to missing key
• ci: add agentic documentation preview workflow with Playwright #246: ci: add agentic documentation preview workflow with Playwright

✅ GitHub MCP: Fetched recent PRs successfully
✅ Playwright: Page title contains "GitHub"
✅ File Writing: Created test file successfully
✅ Bash Tool: Read file content back successfully

Overall Status: PASS

AI generated by Smoke Claude

[github-actions]

Smoke Test Results (Run ID: 21092324015)

Last 2 Merged PRs:

• feat: port plan workflow from gh-aw repository #230: feat: port plan workflow from gh-aw repository
• ci: pin GitHub Actions to commit SHAs for supply chain security #266: ci: pin GitHub Actions to commit SHAs for supply chain security

Test Results:

• ✅ GitHub MCP: Retrieved last 2 merged PRs
• ❌ Playwright: Tool not available
• ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-copilot-21092324015.txt
• ✅ Bash Tool: Verified file content

Overall Status: FAIL (Playwright unavailable)

cc @Mossaka @copilot

AI generated by Smoke Copilot