fix: path traversal, file size limit, manifest size guard, scan limit…#210
Open
ameyvaidya44 wants to merge 2 commits into
Open
fix: path traversal, file size limit, manifest size guard, scan limit…#210ameyvaidya44 wants to merge 2 commits into
ameyvaidya44 wants to merge 2 commits into
Conversation
… race condition - fix(api): replace startswith() path traversal check with os.path.commonpath() in get_file_content; startswith is bypassable when one path is a prefix of another directory name (e.g. /tmp/ext_abc vs /tmp/ext_abcdef) - fix(api): add 5 MB file size guard in get_file_content before reading into memory to prevent OOM on large bundled assets - fix(manifest_parser): add 512 KB size limit on manifest.json before parsing to prevent DoS via crafted oversized manifests - fix(api): wrap _consume_deep_scan in a threading.Lock to eliminate the check-then-increment race condition that allowed concurrent requests to exceed the daily scan limit
docker-compose was binding to 0.0.0.0:8007 by default, making the API reachable from any device on the local network. For a local dev tool handling API keys and scan results this is unnecessary exposure. - docker-compose.yml: change port binding to 127.0.0.1:8007:8007 - docs/GET_STARTED.md: add network note explaining the binding and guidance for cases where external access is intentionally needed
github-actions
Bot
added
area: docs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
… race condition
fix(api): replace startswith() path traversal check with os.path.commonpath() in get_file_content; startswith is bypassable when one path is a prefix of another directory name (e.g. /tmp/ext_abc vs /tmp/ext_abcdef)
fix(api): add 5 MB file size guard in get_file_content before reading into memory to prevent OOM on large bundled assets
fix(manifest_parser): add 512 KB size limit on manifest.json before parsing to prevent DoS via crafted oversized manifests
fix(api): wrap _consume_deep_scan in a threading.Lock to eliminate the check-then-increment race condition that allowed concurrent requests to exceed the daily scan limit