romm/backend/utils at 009d358175a4a908a8a027092b8c23c590c005c6 - romm - Gitea: Git with a cup of tea

Simon/romm

mirror of https://github.com/rommapp/romm.git synced 2026-06-28 06:46:00 +00:00

Files

History

Claude 009d358175 fix(security): resolve hostnames in SSRF URL validator

validate_url_for_http_request previously skipped DNS resolution, so
attacker-controlled domains that resolve to private/loopback/link-local
addresses (e.g. 127.0.0.1.nip.io) passed validation and the subsequent
httpx GET hit internal services. Resolve the hostname via getaddrinfo
and reject any result whose IP is private, loopback, link-local,
reserved, multicast, or unspecified. Unresolvable hostnames are
rejected as well.

https://claude.ai/code/session_01T335ZvA825YhuzPctmYzUy

2026-05-27 12:33:36 +00:00

..

__init__.py

[ROMM-2547] Flashpoint scrape by ID

2025-10-18 22:18:42 -04:00

archive_7zip.py

Merge pull request #2930 from Delgan/fix-file-not-found-in-7z-archive

2026-01-22 13:51:32 -05:00

auth.py

changes from bot rview

2026-03-22 17:17:14 -04:00

background_tasks.py

refactor(utils): move fire_and_forget helper into utils.background_tasks

2026-04-21 12:50:10 +02:00

cache.py

misc: Apply import sorting

2025-09-04 11:17:00 -03:00

client_tokens.py

fix deprecations in pydantic

2026-03-15 09:34:48 -04:00

context.py

run trunk fmt

2026-04-02 10:21:43 -04:00

database.py

Refactor gallery filter components to use toggle buttons for filter states, allowing null values for all filters. Update filter logic in the store and API services to accommodate new states. Enhance UI for better visibility and interaction with filter options in the gallery app.

2025-11-27 12:56:01 +00:00

datetime.py

refactor(utils): extract to_utc function to utils/datetime.py

2026-02-03 20:07:47 +09:00

emoji.py

misc: Replace emoji dependency with constants

2025-08-07 09:50:14 -03:00

filesystem.py

changes from bot review

2026-05-19 07:52:43 -04:00

gamelist_exporter.py

feat(fs): hardlink import/export assets when possible, harden sync init

2026-05-18 07:38:11 -04:00

generate_supported_platforms.py

changes from bot review

2026-04-12 15:43:14 -04:00

hashing.py

feat: Use nginx mod_zip to generate multi-file zip downloads

2024-08-20 22:39:33 -03:00

json_module.py

Add github action to update HLTB API url

2025-11-17 15:27:48 -05:00

nginx.py

Revert double-encoding in ZipResponse Content-Disposition

2026-03-25 06:51:24 +09:00

pegasus_exporter.py

feat(fs): hardlink import/export assets when possible, harden sync init

2026-05-18 07:38:11 -04:00

platforms.py

fix: update heartbeat and platforms endpoints to enhance authentication and logging

2025-12-21 16:36:56 +00:00

router.py

misc: Upgrade Python to v3.12 and Alpine to v3.20

2024-08-15 20:14:32 -03:00

update_hltb_api_url.py

add outbound HTTP proxy support for backend requests

2026-03-27 07:02:14 +01:00

validation.py

fix(security): resolve hostnames in SSRF URL validator

2026-05-27 12:33:36 +00:00