Add validation that checks PDF files start with '%PDF' magic bytes
before accepting uploads. This prevents attackers from uploading
malicious files (executables, scripts) by renaming them to .pdf.

- Add validate_pdf_magic_bytes() function with clear error messages
- Integrate validation in upload_document endpoint after file read
- Add comprehensive test coverage (13 test cases)

Addresses medium-risk security issue from code review.
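
Added example, not the commit's own code: a sketch of the content-based check the message describes, run over constructed byte strings that all carry a .pdf name. The function signature, the InvalidPDFError type, the table of other signatures and the classify() helper are assumptions; only the function name and the '%PDF' prefix come from the message.

```python
PDF_MAGIC = b"%PDF"  # signature named in the commit message
# Other well-known signatures, used only to make the rejection message clearer.
KNOWN_NON_PDF = {
    b"MZ": "Windows executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with a shebang line",
}

class InvalidPDFError(ValueError):
    """Hypothetical error type; the project's own exception is not shown."""

def validate_pdf_magic_bytes(content: bytes, filename: str = "upload") -> None:
    """Raise InvalidPDFError unless content starts with %PDF.
    Only the uploaded bytes decide; filename is used in the message alone.
    A matching prefix confirms the header, not that the rest parses as a PDF.
    """
    if not content:
        raise InvalidPDFError(f"{filename}: file is empty")
    if content.startswith(PDF_MAGIC):
        return
    for magic, label in KNOWN_NON_PDF.items():
        if content.startswith(magic):
            raise InvalidPDFError(f"{filename}: content is a {label}, not a PDF")
    raise InvalidPDFError(f"{filename}: missing %PDF header, got {content[:4]!r}")

def classify(samples: dict) -> dict:
    """Run the check over named byte strings; map each name to its verdict."""
    results = {}
    for name, data in samples.items():
        try:
            validate_pdf_magic_bytes(data, name)
            results[name] = "accepted"
        except InvalidPDFError as exc:
            results[name] = str(exc)
    return results

# Constructed samples: every name ends in .pdf, only the first is accepted.
SAMPLES = {
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00",
    "notes.pdf": b"#!/bin/sh\necho hi\n",
    "truncated.pdf": b"%PD",
    "empty.pdf": b"",
}

if __name__ == "__main__":
    for name, verdict in classify(SAMPLES).items():
        print(f"{name:14} {verdict}")
```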