Commit Graph

231 Commits

Author SHA1 Message Date
Georges-Antoine Assi
6db9d45928 actually fix 2026-04-07 22:53:44 -04:00
Georges-Antoine Assi
5529fdad7b Merge branch 'master' into romm-3232 2026-04-07 22:39:22 -04:00
Georges-Antoine Assi
f227a3145d changes from bot review 2026-04-07 22:32:40 -04:00
Georges-Antoine Assi
6c88e098ba [ROMM-3232] Fix content_hash not updated 2026-04-07 21:48:51 -04:00
Alex Vanderveen
6aca8fdfcf Parse Content-Type essence before validating resource downloads
Problem
_check_content_type used the full Content-Type header string (lowercased) and matched it with startswith(...) against allowed prefixes.

That is mostly fine when the server sends a bare type like application/pdf. It breaks down when vendors send parameters on the same header (e.g. name="…", charset=…). In theory application/force-download; name="…" should still start with application/force-download, but in practice you can get:

- Leading whitespace or a UTF-8 BOM before the type token, so the string no longer starts with your prefix even though the MIME type is correct.
- Confusing logs: logging only the lowercased full header is fine, but the decision should be based on the standardized MIME essence (type + subtype, no parameters), which is what other stacks use for “what is this?”

So the fix is to parse the header the usual way and only then apply your allowlist.

What changed
_content_type_essence(header_value)

- Takes everything before the first ; (the essence).
- Strips whitespace, lowercases, strips a leading BOM (\ufeff) so odd clients/proxies don’t break the check.

_check_content_type

- Reads the raw content-type header once.
- Runs startswith on the essence, not on the full header with parameters.
- Rejects if the essence is empty (missing or useless header).
- Logging uses the raw header string (or (missing header)), so operators still see exactly what the server sent.

Call sites and allowed prefixes (image/, application/pdf, etc.) are unchanged; only how the string is normalized before comparison changes.

Security / SSRF
This does not replace URL / SSRF controls; it only makes post-fetch type checking consistent with how Content-Type is defined (essence vs parameters). You are not widening the allowlist—same prefixes, stricter handling of “empty” and clearer matching on the actual type token.

Risk / regression
Low: same allowed prefixes, strictly more tolerant of benign formatting (whitespace, BOM, parameters). The only stricter case is empty essence after strip (e.g. malformed header), which correctly fails the check.


I have reviewed the proposal and these edits will handle cases where the string we match against for the content_type is cleaned up more before comparing against the allow list of content_types.

I have tested this, and confirm that I do not get any errors loading PDFs for game manuals using this. Please consider this, as this should be compatible with the existing content type allowlist, and easily work with any new types added to it.
2026-04-07 20:25:55 -04:00
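The normalisation this commit message describes, written out as an added example (not RomM's own code) beside the header-wide startswith check it replaces; ALLOWED_PREFIXES is a constructed allowlist built from the types named above, and the function names are assumptions.

```python
# Added example, not RomM's own code: Content-Type validation that compares
# the MIME essence (type/subtype) against an allowlist, beside the
# header-wide startswith() check it replaces.
import logging
from typing import Iterable, Optional

log = logging.getLogger(__name__)

# Constructed allowlist, using the prefixes the commit message names.
ALLOWED_PREFIXES = ("image/", "application/pdf", "application/force-download")


def content_type_essence(header_value: Optional[str]) -> str:
    """Return the lowercased MIME essence of a Content-Type header.

    Drops parameters (everything from the first ';'), surrounding whitespace
    and a leading UTF-8 BOM. A missing header yields "".
    """
    if header_value is None:
        return ""
    essence = header_value.split(";", 1)[0]
    # Strip in two passes so BOM and whitespace in either order are removed.
    return essence.strip().lstrip("\ufeff").strip().lower()


def check_content_type(header_value: Optional[str],
                       allowed: Iterable[str] = ALLOWED_PREFIXES) -> bool:
    """Allow only when the normalized essence starts with an allowed prefix."""
    raw = header_value if header_value is not None else "(missing header)"
    essence = content_type_essence(header_value)
    if not essence:
        # Missing or parameter-only header: nothing to match, so reject.
        log.warning("Rejected resource: empty Content-Type essence (%r)", raw)
        return False
    if not essence.startswith(tuple(allowed)):
        # Log the raw header so operators see exactly what the server sent.
        log.warning("Rejected resource: Content-Type %r not allowed", raw)
        return False
    return True


def legacy_check_content_type(header_value: Optional[str],
                              allowed: Iterable[str] = ALLOWED_PREFIXES) -> bool:
    """The pre-fix behaviour: prefix-match the whole lowercased header.

    Leading whitespace or a BOM makes a legitimate type fail this check.
    """
    return (header_value or "").lower().startswith(tuple(allowed))
```

The legacy function is kept only to show which benign headers it rejects; the essence-based check accepts them while still refusing an empty or parameter-only header.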
Georges-Antoine Assi
b36a8b0cdf manual types should support octet-stream and force-download response 2026-04-07 14:22:43 -04:00
Georges-Antoine Assi
2dc1678931 changes from bot review 2026-04-06 11:22:44 -04:00
Georges-Antoine Assi
f2619ac0d1 Merge branch 'master' into pegasus-metadata-export 2026-04-06 11:06:08 -04:00
Georges-Antoine Assi
f2e8e337b2 Merge branch 'master' into save-sync 2026-04-05 21:47:53 -04:00
Georges-Antoine Assi
bae0d0c698 more changes from review 2026-04-03 11:29:55 -04:00
Georges-Antoine Assi
ceddf2f9e9 changes from bot review 2026-04-03 11:24:02 -04:00
Georges-Antoine Assi
ec8583016b mega ton of fixes for 4.8 2026-04-03 10:54:31 -04:00
Georges-Antoine Assi
4c97eddfc3 fix trunk check 2026-03-22 16:30:14 -04:00
Georges-Antoine Assi
5bf3a435ee more fixes 2026-03-21 22:57:44 -04:00
Georges-Antoine Assi
8e8baef6f6 fix check 2026-03-21 22:52:23 -04:00
Georges-Antoine Assi
4536deff65 more tweaks 2026-03-21 22:30:10 -04:00
nendo
55638d15dc fix: address bugs, security issues, and convention violations in save-sync
- Fix broken path construction in FSSyncHandler: build_* methods now
  return relative paths; sync_watcher uses paths relative to sync base
  instead of CWD (was completely non-functional in production)
- Fix SSH connection leak in push-pull task: conn.close() now in finally
- Add log.warning for disabled SSH host key verification
- Fix race condition in session operation counter: use atomic SQL
  increment instead of read-then-write
- Extract _increment_session_counter helper, add exc_info to warnings
- Replace legacy session.query() with select() in sync_sessions_handler
- Fix orphaned session: trigger_push_pull now passes session_id to job
- Fix wasteful SSH download when no matched_save exists
- Fix BaseModel import collision in sync.py (pydantic -> project base)
- Fix ORM mutation in UserSchema.from_orm_with_request: set field on
  schema instance instead of mutating live ORM object
- Mask ssh_password and ssh_key_path in DeviceSchema API response
- Fix migration PostgreSQL compatibility: condition ON UPDATE clause
  on MySQL, drop enum in downgrade
- Rename copy-paste artifact rom_user_status_enum
2026-03-16 10:56:43 +09:00
Georges-Antoine Assi
f13f929d7d tweaks based on self review 2026-03-14 22:26:53 -04:00
Georges-Antoine Assi
e6ddc5da11 bot attempt at save sync 2026-03-14 22:13:38 -04:00
Georges-Antoine Assi
997e2c44aa start pre-4.8 cleanup 2026-03-12 23:02:12 -04:00
Georges-Antoine Assi
744d92d6d1 lower fs name 2026-03-11 21:05:01 -04:00
copilot-swe-agent[bot]
24fe5b941f refactor: move get_pico8_cover_url to FSRomsHandler, use validate_path for safe path construction
Co-authored-by: gantoine <3247106+gantoine@users.noreply.github.com>
2026-03-11 22:17:22 +00:00
Georges-Antoine Assi
ee8b55e6ef last set of changes 2026-03-07 09:56:17 -05:00
Georges-Antoine Assi
76bdfb4891 changes from self review 2026-03-07 09:36:45 -05:00
Georges-Antoine Assi
b3659a1226 changes from bot review 2026-03-07 08:58:42 -05:00
Georges-Antoine Assi
b030b98062 attempt to fix vuln reported in PR 2026-03-06 19:42:56 -05:00
Georges-Antoine Assi
8a56e9b333 [ROMM-3026] Region/language shortcodes should be case sensitive 2026-02-18 10:19:12 -05:00
Georges-Antoine Assi
77823c168d [AIKIDO-13126604] Stream file when building file hash 2026-02-16 13:51:20 -05:00
nendo
bf8cb92e93 refactor(assets): move content hash functions to assets_handler
Move compute_file_hash, compute_zip_hash, and compute_content_hash from
scan_handler.py to filesystem/assets_handler.py as standalone module-level
functions. This follows the existing pattern for utility functions in
filesystem handlers.
2026-02-03 20:07:18 +09:00
Georges-Antoine Assi
f48cf10e43 add more to fs error logs 2026-01-19 12:02:53 -05:00
zurdi
cc816822d8 Refactor library structure detection to use enum values and update related tests and frontend logic 2026-01-02 11:54:29 +00:00
zurdi
06a1598bcc Merge remote-tracking branch 'origin/master' into romm-1371 2026-01-02 11:12:36 +00:00
Georges-Antoine Assi
f867968f37 refactor get_rom_files return value 2025-12-30 11:42:38 -05:00
Georges-Antoine Assi
0971026f95 Add support for version tag 2025-12-30 11:37:06 -05:00
zurdi
ecf4ae542f fix: correct spelling of 'get_platform_fs_structure' in multiple files 2025-12-21 16:48:45 +00:00
zurdi
d51dbdb1cc feat: add platform game counts and enhance platform selection in Setup.vue 2025-12-18 16:23:34 +00:00
zurdi
9c8e73e485 feat: refactor platform handling and library structure detection 2025-12-18 01:04:00 +00:00
Georges-Antoine Assi
dc52910a2a [ROMM-2774] Remove unsupported lang tags 2025-12-16 10:00:40 -05:00
Zurdi
0d9a2e9380 Update backend/handler/filesystem/roms_handler.py
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2025-11-20 15:21:02 +01:00
zurdi
c82caa81b8 Add calculate hashes option to scanning process and update translations 2025-11-20 10:49:22 +00:00
Georges-Antoine Assi
67375fa5cd self cleanup 2025-11-19 18:38:51 -05:00
Georges-Antoine Assi
c18cbc40c6 ignore case uuid regex 2025-11-17 11:25:23 -05:00
Georges-Antoine Assi
a9ecd8f714 [HOTFIX] Fix flashpoint match by UUID 2025-11-17 11:08:06 -05:00
sftwninja
7581c0a8e8 fix: Address Gemini PR comments 2025-11-17 01:55:55 -06:00
sftwninja
90a5a66a12 Use internal SHA1 hash if CHD file is v5 2025-11-16 23:41:32 -06:00
Georges-Antoine Assi
d4e0f67c51 changes from bot review 2025-11-10 18:31:46 -05:00
Georges-Antoine Assi
eb5e32ed78 [HOTFIX] Fix importing media from gamelist.xml 2025-11-10 17:06:20 -05:00
Georges-Antoine Assi
f8b0ae63a1 fix scanning multi file games with ssfr 2025-10-31 10:50:51 -04:00
Georges-Antoine Assi
436b1972c4 tweaks from self review 2025-10-28 12:10:53 -04:00
Georges-Antoine Assi
c1ac9a2133 fix screenshots disappearing on scan 2025-10-28 11:00:45 -04:00