kai/invoice-master-poc-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
36 Commits 2 Branches 0 Tags
master
Commit Graph

12 Commits

Author SHA1 Message Date
Yaojia Wang
ad5ed46b4c WIP 2026-02-11 23:40:38 +01:00
Yaojia Wang
f1a7bfe6b7 WIP 2026-02-07 13:56:00 +01:00
Yaojia Wang
c2c8f2dd04 WIP 2026-02-03 22:29:53 +01:00
Yaojia Wang
4c7fc3015c fix: add PDF magic bytes validation to prevent file type spoofing 
Add validation that checks PDF files start with '%PDF' magic bytes
before accepting uploads. This prevents attackers from uploading
malicious files (executables, scripts) by renaming them to .pdf.

- Add validate_pdf_magic_bytes() function with clear error messages
- Integrate validation in upload_document endpoint after file read
- Add comprehensive test coverage (13 test cases)

Addresses medium-risk security issue from code review.
 2026-02-03 22:28:24 +01:00
Yaojia Wang
35988b1ebf Update paddle, and support invoice line item 2026-02-03 21:28:06 +01:00
Yaojia Wang
b602d0a340 re-structure 2026-02-01 22:55:31 +01:00
Yaojia Wang
400b12a967 Add more tests 2026-02-01 22:40:41 +01:00
Yaojia Wang
a564ac9d70 WIP 2026-02-01 18:51:54 +01:00
Yaojia Wang
a516de4320 WIP 2026-02-01 00:08:40 +01:00
Yaojia Wang
33ada0350d WIP 2026-01-30 00:44:21 +01:00
Yaojia Wang
d6550375b0 restructure project 2026-01-27 23:58:17 +01:00
Yaojia Wang
58bf75db68 WIP 2026-01-27 00:47:10 +01:00