kai/invoice-master-poc-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4c7fc3015c827fd6f275d183bdb7089a75144885
invoice-master-poc-v2/tests/web
History
Yaojia Wang 4c7fc3015c fix: add PDF magic bytes validation to prevent file type spoofing 
Add validation that checks PDF files start with '%PDF' magic bytes
before accepting uploads. This prevents attackers from uploading
malicious files (executables, scripts) by renaming them to .pdf.

- Add validate_pdf_magic_bytes() function with clear error messages
- Integrate validation in upload_document endpoint after file read
- Add comprehensive test coverage (13 test cases)

Addresses medium-risk security issue from code review.
2026-02-03 22:28:24 +01:00
..
core
re-structure
2026-02-01 22:55:31 +01:00
__init__.py
WIP
2026-01-27 00:47:10 +01:00
conftest.py
re-structure
2026-02-01 22:55:31 +01:00
test_admin_annotations.py
re-structure
2026-02-01 22:55:31 +01:00
test_admin_auth.py
re-structure
2026-02-01 22:55:31 +01:00
test_admin_routes_enhanced.py
re-structure
2026-02-01 22:55:31 +01:00
test_admin_routes.py
re-structure
2026-02-01 22:55:31 +01:00
test_admin_schemas_split.py
re-structure
2026-02-01 22:55:31 +01:00
test_admin_training.py
re-structure
2026-02-01 22:55:31 +01:00
test_annotation_locks.py
re-structure
2026-02-01 22:55:31 +01:00
test_annotation_phase5.py
re-structure
2026-02-01 22:55:31 +01:00
test_async_queue.py
re-structure
2026-02-01 22:55:31 +01:00
test_async_routes.py
re-structure
2026-02-01 22:55:31 +01:00
test_async_service.py
re-structure
2026-02-01 22:55:31 +01:00
test_augmentation_routes.py
re-structure
2026-02-01 22:55:31 +01:00
test_autolabel_with_locks.py
re-structure
2026-02-01 22:55:31 +01:00
test_batch_queue.py
re-structure
2026-02-01 22:55:31 +01:00
test_batch_upload_routes.py
re-structure
2026-02-01 22:55:31 +01:00
test_batch_upload_service.py
re-structure
2026-02-01 22:55:31 +01:00
test_dashboard_api.py
re-structure
2026-02-01 22:55:31 +01:00
test_dataset_builder.py
re-structure
2026-02-01 22:55:31 +01:00
test_dataset_routes.py
re-structure
2026-02-01 22:55:31 +01:00
test_dataset_training_status.py
re-structure
2026-02-01 22:55:31 +01:00
test_document_category_api.py
re-structure
2026-02-01 22:55:31 +01:00
test_document_category.py
re-structure
2026-02-01 22:55:31 +01:00
test_documents_upload_validation.py
fix: add PDF magic bytes validation to prevent file type spoofing
2026-02-03 22:28:24 +01:00
test_inference_api.py
Update paddle, and support invoice line item
2026-02-03 21:28:06 +01:00
test_inference_service.py
Update paddle, and support invoice line item
2026-02-03 21:28:06 +01:00
test_model_versions.py
re-structure
2026-02-01 22:55:31 +01:00
test_rate_limiter.py
re-structure
2026-02-01 22:55:31 +01:00
test_storage_helpers.py
re-structure
2026-02-01 22:55:31 +01:00
test_storage_integration.py
re-structure
2026-02-01 22:55:31 +01:00
test_training_phase4.py
re-structure
2026-02-01 22:55:31 +01:00