Skip to content

Fix Critical Security Issues#67

Merged
alimalek71 merged 35 commits into
mainfrom
fix/critical-security-issues
Dec 9, 2025
Merged

Fix Critical Security Issues#67
alimalek71 merged 35 commits into
mainfrom
fix/critical-security-issues

Conversation

@alimalek71
Copy link
Copy Markdown
Contributor

@alimalek71 alimalek71 commented Dec 9, 2025

No description provided.

@alimalek71
fix: change user role and keep them in database
c1eabbb
@alimalek71
style: reformat code
1e3d86f
@alimalek71
fix: use url validator to stop user to attack internal network
7abc692
@alimalek71
fix: use script and redirct sanitizer to stop some dangrous way of at…
90d9424 
…tacking
@alimalek71
refactor: replace depricated redis code in ratelimit class
6c75149
@alimalek71
refactor: use sanitizers
a5f89d0
@alimalek71
feat: add password validor class
8aee195
@alimalek71
feat: add coverage report
2eded96
@alimalek71
fix: correct parameter order in removeWebhookLink query
a0be2c3
@alimalek71
feat: implement retry mechanism for webhook calls
a0d80ce
@alimalek71
feat: implement soft delete for users
e9b9405
@alimalek71
refactor: use environment variables for db config
c2d3c6b
@alimalek71
fix: improve input validation and deserialization for links resource
93549dc
@alimalek71
test: add security unit tests and improve script sanitizer
a85feeb
@alimalek71
feat: implement audit logging system
1744884
@alimalek71
feat: add readiness and liveness health checks
7d34a0f
@alimalek71
feat: add fault tolerance and enable health checks
c274d7b
@alimalek71
fix: resolve link creation issues and integrate audit logging
b4dce98
@alimalek71
feat(security): enforce strict URL validation and support deep links
484b95a 
- Implement strictly validated `@ValidURI` annotation
- Update `UrlValidator` to block dangerous schemes (XSS) but allow deep links
- Remove legacy auto-addition of `http://` to enforce explicit protocols
- Update regression tests to verify strict validation behavior
@alimalek71
chor: update yauaa to latest version
ac1a83d
@alimalek71
chore: start addressing security review findings
ef7fab9
@alimalek71
fix(auth): secure role assignment and shorten token lifetime
ba5ea62
@alimalek71
fix(db): remove default credentials
532f27f
@alimalek71
fix(links): strict custom alias creation
3c00b92
@alimalek71
refactor(util): expose IP safety check
2015d9f
@alimalek71
fix(webhook): protect against SSRF
d720339
@alimalek71
fix(webhook): fix imports
dcc4396
@alimalek71
fix(xss): sandbox script execution
2c5789b
@alimalek71
fix(xss): secure script redirect with strict context isolation
16f0761
@alimalek71
feat: add new record for analytic
5ac7160
@alimalek71
fix(links): treat empty hash as auto-generate request
44f4050
@alimalek71
feat(val): add NullOrNotBlank validation for hash field
714d023
@alimalek71
feat(val): add range validation for redirect code
9303730
@alimalek71
fix: resolve test failures and background job exception
d6a476c 
Fixes semantic exception in ExpireLinkJob and adds test seed data to resolve missing user errors in tests.
@alimalek71
feat: enhance link validation and cleanup resources
a197a69 
Adds NullOrNotBlank validation, defaults for LinkCreateDTO, and minor cleanup in LinksResource.
@alimalek71 alimalek71 merged commit 118a77c into main Dec 9, 2025
3 checks passed
@alimalek71 alimalek71 deleted the fix/critical-security-issues branch December 9, 2025 18:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@alimalek71