fix: Validate and sanitize BookDB response data (#255) #261

Merged
deucebucket merged 5 commits into develop from fix/issue-255-validate-bookdb-responses on Jun 12, 2026

Conversation

@deucebucket

Owner

Summary

  • Adds _sanitize_api_response() helper in library_manager/providers/bookdb.py that strips null bytes, control characters, HTML tags, and truncates oversized string fields from API responses
  • Applied to search_bookdb() (top-level response + best_book), identify_audio_with_bookdb() result dict, and lookup_fingerprint() in fingerprint.py
  • Prevents path traversal, XSS, and oversized field injection from corrupted or tampered BookDB/Skaldleita responses

Closes #255

Test plan

  • Verify python test-env/test-naming-issues.py passes (290/290)
  • Verify ruff check . --select=F821 passes
  • Confirm sanitization logs appear when BookDB returns fields with control chars or HTML
  • Confirm normal BookDB responses pass through unchanged
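As an added example (not the project's own `_sanitize_api_response()`), here is one way such a helper can work: it walks a decoded JSON reply, strips null bytes, control characters and tag-shaped text from every string, truncates oversized fields, and records which paths it altered so the caller can log them. The field limit, depth bound and sample reply are assumptions.

```python
import logging
import re
from typing import Any, Optional
log = logging.getLogger("bookdb.sanitize")
MAX_FIELD_LEN = 512  # assumed limit; the PR text does not state the real one
MAX_DEPTH = 16       # assumed bound so a deeply nested reply cannot exhaust the stack
# C0 controls (except \t \n \r), DEL and C1 controls; the null byte is included.
_CONTROL_RE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f-\x9f]")
# Anything tag-shaped; acceptable for metadata fields that must never carry markup.
_TAG_RE = re.compile(r"<[^>]*>")

def sanitize_string(value: str, max_len: int = MAX_FIELD_LEN) -> str:
    """Remove control characters and tags, then truncate to max_len."""
    return _TAG_RE.sub("", _CONTROL_RE.sub("", value))[:max_len]

def sanitize_api_response(data: Any, path: str = "$", depth: int = 0,
                          changed: Optional[list] = None) -> tuple:
    """Return (clean copy of data, list of JSON paths that were altered)."""
    if changed is None:
        changed = []
    if depth > MAX_DEPTH:
        log.warning("%s: nesting deeper than %d, value dropped", path, MAX_DEPTH)
        changed.append(path)
        return None, changed
    if isinstance(data, str):
        clean = sanitize_string(data)
        if clean != data:
            log.warning("%s: sanitized string field", path)
            changed.append(path)
        return clean, changed
    if isinstance(data, dict):
        out = {}
        for key, val in data.items():
            safe_key = sanitize_string(str(key), 64)  # keys are untrusted too
            out[safe_key], _ = sanitize_api_response(val, f"{path}.{safe_key}", depth + 1, changed)
        return out, changed
    if isinstance(data, list):
        return [sanitize_api_response(v, f"{path}[{i}]", depth + 1, changed)[0]
                for i, v in enumerate(data)], changed
    if data is None or isinstance(data, (bool, int, float)):
        return data, changed
    changed.append(path)  # unexpected type: coerce to text instead of passing it through
    return sanitize_string(str(data)), changed

SAMPLE_REPLY = {  # constructed sample, not a real BookDB response
    "title": "Dune\x00<b>Messiah</b>",
    "author": "Frank\x07 Herbert",
    "best_book": {"series": "Dune Chronicles", "position": 2},
    "tags": ["sci-fi", "x" * 2000],
}
```

The returned path list is what a caller would log to satisfy the "sanitization logs appear" check, while an unmodified reply yields an empty list.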

@deucebucket deucebucket merged commit 7a91d32 into develop Jun 12, 2026
3 checks passed
