library/api
hikari abb39c67f2
Node.js CI / CI (pull_request) Failing after 34s
Security Scan and Upload / Security & DefectDojo Upload (pull_request) Successful in 1m9s
feat: apply comprehensive validation to all remaining services

Extended the comprehensive input validation pattern to Music, Art,
Show, and Manga services, completing security coverage across all
media types in the library.

Services Updated:

1. Music Service
   - Title validation (max 500 characters)
   - Artist validation (max 200 characters)
   - Notes validation (max 5000 characters)
   - Cover art URL validation (max 2048 characters, http/https only)
   - Rating validation (0-10 integers)
   - Tags validation (each max 50 characters)
   - Links validation (valid URLs, max lengths)

2. Art Service
   - Title validation (max 500 characters)
   - Artist validation (max 200 characters)
   - Description validation (max 5000 characters)
   - Image URL validation (required, valid URL)
   - Links validation (valid URLs, max lengths)

3. Show Service
   - Title validation (max 500 characters)
   - Notes validation (max 5000 characters)
   - Cover image URL validation (max 2048 characters, http/https only)
   - Rating validation (0-10 integers)
   - Tags validation (each max 50 characters)
   - Links validation (valid URLs, max lengths)

4. Manga Service
   - Title validation (max 500 characters)
   - Author validation (max 200 characters)
   - Notes validation (max 5000 characters)
   - Cover image URL validation (max 2048 characters, http/https only)
   - Rating validation (0-10 integers)
   - Tags validation (each max 50 characters)
   - Links validation (valid URLs, max lengths)

Security Improvements:

All services now protect against:
- XSS attacks via malicious URLs (javascript:, data:, vbscript:, file:)
- Buffer overflow via excessively long strings
- Invalid data formats
- DoS attacks via massive input

Validation Pattern:

Each service includes:
- Private validateData() method with comprehensive checks
- Validation calls at the start of create() and update() methods
- Descriptive error messages for all validation failures
- Consistent use of MAX_LENGTHS constants

Files Modified:
- api/src/app/services/music.service.ts
- api/src/app/services/art.service.ts
- api/src/app/services/show.service.ts
- api/src/app/services/manga.service.ts

The entire application now has consistent, comprehensive input
validation across all user-facing services!
2026-02-20 01:44:57 -08:00
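
A sketch of the validation pattern the commit message describes, added here as an example and not taken from the repository. The `MediaInput` shape, the helper names, the `MAX_LENGTHS` keys and returning a list of error strings are assumptions; only the length limits, the 0-10 integer rating and the http/https rule come from the message above.

```typescript
// Added example; the names are assumptions, only the limits come from the commit message.
const MAX_LENGTHS = { title: 500, notes: 5000, url: 2048, tag: 50 };
const ALLOWED_PROTOCOLS = ["http:", "https:"];

interface MediaInput { title?: unknown; notes?: unknown; coverUrl?: unknown; rating?: unknown; tags?: unknown; }

function checkString(field: string, value: unknown, max: number): string[] {
  if (typeof value !== "string") return [field + " must be a string"];
  if (value.length > max) return [field + " exceeds " + max + " characters"];
  return [];
}

function checkUrl(field: string, value: unknown): string[] {
  // Cap the length first so oversized input is never handed to the parser.
  const errs = checkString(field, value, MAX_LENGTHS.url);
  if (errs.length > 0) return errs;
  let protocol: string;
  try {
    protocol = new URL(value as string).protocol;
  } catch {
    return [field + " is not a valid absolute URL"];
  }
  // Allowlist the parsed scheme: the parser lowercases it and drops leading
  // whitespace and embedded tabs/newlines that a string-prefix check would miss.
  if (ALLOWED_PROTOCOLS.indexOf(protocol) === -1) return [field + " must use http or https"];
  return [];
}

function validateData(data: MediaInput): string[] {
  let errors: string[] = [];
  if (data.title !== undefined) errors = errors.concat(checkString("title", data.title, MAX_LENGTHS.title));
  if (data.notes !== undefined) errors = errors.concat(checkString("notes", data.notes, MAX_LENGTHS.notes));
  if (data.coverUrl !== undefined) errors = errors.concat(checkUrl("coverUrl", data.coverUrl));
  const r = data.rating;
  if (r !== undefined && (typeof r !== "number" || Math.floor(r) !== r || r < 0 || r > 10)) {
    errors.push("rating must be an integer from 0 to 10");
  }
  const tags = data.tags;
  if (tags !== undefined) {
    if (!Array.isArray(tags)) errors.push("tags must be an array");
    else tags.forEach((t, i) => { errors = errors.concat(checkString("tags[" + i + "]", t, MAX_LENGTHS.tag)); });
  }
  return errors;
}
```

Comparing the parsed `protocol` against an allowlist rejects any scheme outside http/https, so the list of dangerous schemes never has to be kept complete.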