dataforge/osint_web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(security): TrustedHostMiddleware + escape UID/RRULE iCal + tests deterministas del flag

Browse Source 
- TrustedHostMiddleware (127.0.0.1/localhost/testserver): anti DNS-rebinding, cierra el
  vector por el que una web maliciosa alcanza el service local desde el navegador.
- _build_vcalendar: sanitiza UID y RRULE (quita saltos de línea) para evitar iCal injection
  (summary/location/description ya escapaban con _vcard_escape).
- tests: fixture autouse que fuerza OSINT_DB_BACKEND OFF por defecto, así la suite es
  determinista sin depender del estado real de dev/feature_flags.json (los tests del camino
  ON sobrescriben _FLAGS_FILE). Corrige 14 fallos que aparecían con el flag activado.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Egutierrez
2026-06-13 01:22:36 +02:00
parent 83c672c072
commit 3716b3f22a
3 changed files with 28 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
dev/feature_flags.json
+1 -1
View File
@@ -7,4 +7,4 @@
"enabled_at": "2026-06-13"
}
}
}
}