veza/veza-chat-server
senke d7bc7be535 fix(chat): implement real ContentFilter with XSS/injection pattern detection
Replace the stub filter_content() that always returned true with a real
implementation using compiled regex patterns:

- XSS vectors: <script>, javascript:, onXxx=, <iframe>, <object>, <embed>
- SQL injection: UNION SELECT, DROP TABLE, OR 1=1, ' OR '
- Command injection: eval(), exec()

Patterns compiled once at startup via once_cell::sync::Lazy with safe
.ok() filter (no .unwrap()). Returns false (reject) on pattern match.

Also enhances validate_content() to check dangerous patterns and return
a proper error.

Addresses audit findings D4, A04: ContentFilter stub always returned true.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-11 23:22:46 +01:00
config adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
docs report generation and future tasks selection 2025-12-08 19:57:54 +01:00
migrations report generation and future tasks selection 2025-12-08 19:57:54 +01:00
proto adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
scripts report generation and future tasks selection 2025-12-08 19:57:54 +01:00
src fix(chat): implement real ContentFilter with XSS/injection pattern detection 2026-02-11 23:22:46 +01:00
.clippy.toml adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
.dockerignore adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
.env.lab.example chore(rust): chat server env, veza-common auth, stream server routes/websocket 2026-02-11 22:19:17 +01:00
.gitignore report generation and future tasks selection 2025-12-08 19:57:54 +01:00
AUDIT_CHAT_SERVER_RUST.md adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
AUDIT_EXHAUSTIF_CHAT_SERVER.md overhaul: backend-api go first; phase 1 2025-12-12 21:34:34 -05:00
build.rs [T0-002] fix(rust): Fix Rust compilation errors 2026-01-04 01:44:20 +01:00
Cargo.toml fix(deps): upgrade outdated Rust dependencies across services 2026-02-11 23:18:34 +01:00
check_output.txt stabilizing veza-backend-api: phase 1 2025-12-16 11:23:49 -05:00
check_output_2.txt STABILISATION: phase 1 & phase 2 2025-12-06 14:45:07 +01:00
deploy-simple.sh adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
docker-compose.local.yml adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
docker-compose.yml adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
Dockerfile adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
Dockerfile.production adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
env.example adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
Makefile adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00
sqlx-data.json adding initial chat server (Rust) 2025-12-03 20:33:26 +01:00