Adam Outler
|
5b871865db
|
/data and /tmp standarization
|
2025-11-09 17:03:25 +00:00 |
|
jokob-sk
|
78ab0fbd2d
|
PLG: SNMPDSC typo
|
2025-10-31 20:45:09 +11:00 |
|
jokob-sk
|
63d6410bb4
|
BE: handle missing buildtimestamp.txt
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
|
2025-10-31 08:12:38 +11:00 |
|
Adam Outler
|
dfcc375fba
|
Non-root launch
|
2025-09-25 14:10:06 -04:00 |
|
Claude Code
|
874b9b070e
|
Security: Fix SQL injection vulnerabilities (Issue #1179)
This commit addresses multiple SQL injection vulnerabilities identified in the NetAlertX codebase:
1. **Primary Fix - reporting.py datetime injection**:
- Fixed f-string SQL injection in down_devices section (line 98)
- Replaced direct interpolation with validated integer casting
- Added proper timezone offset handling
2. **Code Quality Improvements**:
- Fixed type hint error in helper.py (datetime.datetime vs datetime)
- Added security documentation and comments
- Created comprehensive security test suite
3. **Security Enhancements**:
- Documented remaining condition-based injection risks
- Added input validation for numeric parameters
- Implemented security testing framework
**Impact**: Prevents SQL injection attacks through datetime parameters
**Testing**: All security tests pass, including syntax validation
**Compliance**: Addresses security scan findings (Ruff S608)
Fixes #1179
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
|
2025-09-17 22:26:47 -07:00 |
|
Ingo Ratsdorf
|
00c7bb65e1
|
Update server/helper.py
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
|
2025-09-03 07:10:26 +12:00 |
|
Ingo Ratsdorf
|
5695f4f3e7
|
Adding secondary cache to settings
Caching get_setting_value independent from what backend is used.
|
2025-09-02 14:48:12 +12:00 |
|
jokob-sk
|
3a023a675f
|
CPU optimization work 5 #1144
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
|
2025-09-01 09:13:13 +10:00 |
|
jokob-sk
|
8c895864da
|
CPU optimizartion work 4 #1144
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
|
2025-09-01 08:45:41 +10:00 |
|
jokob-sk
|
90474a6b92
|
Merge branch 'main' of https://github.com/jokob-sk/NetAlertX
|
2025-09-01 08:33:38 +10:00 |
|
jokob-sk
|
98fdccb58f
|
CPU optimizartion work 2 #1144
Signed-off-by: jokob-sk <jokob.sk@gmail.com>
|
2025-09-01 08:33:14 +10:00 |
|
Ingo Ratsdorf
|
36ea3e62fd
|
Added cache to get_settings
The settings file is read about 30 times per second and parsed from json. Cache function added for now.
|
2025-08-30 21:35:15 +12:00 |
|
jokob-sk
|
f78c84d9a8
|
api layer v0.3 - /events /sessions work
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
|
2025-08-21 22:36:22 +10:00 |
|
jokob-sk
|
915bb523d6
|
api layer v0.2.5 - /sessions + graphql tests
|
2025-08-21 15:10:47 +10:00 |
|
jokob-sk
|
962bbaa5a1
|
api layer v0.2.2 - CSV import/export, refactor
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
|
2025-08-19 07:56:54 +10:00 |
|
jokob-sk
|
b155fe2b06
|
api layer v0.1
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
|
2025-08-15 08:04:02 +10:00 |
|
jokob-sk
|
a6df204721
|
github timeout #1124, css fixes, change button on LOADED_PLUGINS
Code checks / check-url-paths (push) Has been cancelled
docker / docker_dev (push) Has been cancelled
Deploy MkDocs / deploy (push) Has been cancelled
|
2025-08-05 21:32:35 +10:00 |
|
jokob-sk
|
e8e48a2cc4
|
integer causing normalization issue in MQTT #1102
Code checks / check-url-paths (push) Waiting to run
docker / docker_dev (push) Waiting to run
Deploy MkDocs / deploy (push) Waiting to run
|
2025-06-26 07:25:10 +10:00 |
|
jokob-sk
|
503027c06e
|
debug Online_History #1020
Code checks / check-url-paths (push) Waiting to run
docker / docker_dev (push) Waiting to run
Deploy MkDocs / deploy (push) Waiting to run
|
2025-06-01 15:40:17 +10:00 |
|
jokob-sk
|
f4a3717859
|
FQDN, Dig refactor, docs #1065
|
2025-06-01 13:59:54 +10:00 |
|
jokob-sk
|
458577e071
|
mqtt and newdev name regex
|
2025-02-20 07:57:28 +11:00 |
|
jokob-sk
|
c8a40920b4
|
cleanup, faster devices screen update #967 #923
|
2025-01-20 23:42:24 +11:00 |
|
jokob-sk
|
729c24029f
|
docs + fixes to CustomProps
|
2025-01-02 10:15:58 +11:00 |
|
jokob-sk
|
e52601e062
|
ENCRYPTION_KEY, docs
|
2024-12-31 10:14:01 +11:00 |
|
jokob-sk
|
7248e73e03
|
Respecting LOG_LEVEL in plugins
docker / docker_dev (push) Waiting to run
|
2024-12-22 13:18:08 +11:00 |
|
jokob-sk
|
89840906a0
|
ICMP plugin 🆕
|
2024-12-01 12:13:56 +11:00 |
|
jokob-sk
|
f1f40021ee
|
chore:Settings DB table refactor
|
2024-11-23 09:28:40 +11:00 |
|
jokob-sk
|
0e438ffd57
|
chore:PHOLUS removal
|
2024-11-22 20:32:49 +11:00 |
|
jokob-sk
|
44b18e131c
|
GraphQl 0.124 - Running server check
|
2024-11-15 20:13:03 +11:00 |
|
jokob-sk
|
c1c6813b6e
|
GraphQl 0.123 - Dynamic columns + re-adding old Device table columns
|
2024-11-14 16:50:23 +11:00 |
|
jokob-sk
|
0bc8b39cec
|
🔺GraphQL v0.1 + Devices table rebuild + removal of backend compatible scripts
|
2024-11-10 21:22:45 +11:00 |
|
jokob-sk
|
dcfeb51aa1
|
Ignored IPs not applied #836
|
2024-10-12 10:49:29 +11:00 |
|
jokob-sk
|
c4e0abf913
|
Ignored IPs not applied #836
|
2024-10-11 20:05:23 +11:00 |
|
jokob-sk
|
f9e6871ab2
|
New Device creation int.replace issue #833
|
2024-10-11 19:00:08 +11:00 |
|
jokob-sk
|
30de0f9f93
|
AVAHISCAN / mDNS #815
|
2024-10-04 10:05:06 +10:00 |
|
jokob-sk
|
e2d84a1885
|
MQTT handling diacritics #813
docker / docker_dev (push) Waiting to run
|
2024-09-29 11:52:29 +10:00 |
|
jokob-sk
|
15a7779d6e
|
Sanitize input #805
docker / docker_dev (push) Waiting to run
|
2024-09-26 08:08:24 +10:00 |
|
jokob-sk
|
6233f4d646
|
Sanitize input #805
|
2024-09-26 07:21:58 +10:00 |
|
jokob-sk
|
5278af48c5
|
Sync Hub fix + overriddenByEnv
|
2024-09-23 08:15:35 +10:00 |
|
jokob-sk
|
fa0e07a511
|
Handle offlien GitHub #763
docker / docker_dev (push) Waiting to run
|
2024-08-16 08:53:58 +10:00 |
|
jokob-sk
|
45489eadaf
|
🔌UNIFI work
|
2024-08-05 09:58:18 +10:00 |
|
jokob-sk
|
b45e82b2a0
|
❌ NEWDEV_LESS_NAME_CLEANUP + Internet ParentNode fix + 📚Docs
|
2024-07-16 20:27:15 +10:00 |
|
jokob-sk
|
bf90ee81c7
|
Name cleanup + nbtscan improvements
|
2024-07-11 22:35:04 +10:00 |
|
jokob-sk
|
8e7e0afb1e
|
🔌NBTSCAN plugin #693
docker / docker_dev (push) Waiting to run
|
2024-07-11 15:56:29 +10:00 |
|
jokob-sk
|
0a9ae5e9d9
|
🔌NBTSCAN plugin #693
|
2024-07-11 15:27:37 +10:00 |
|
jokob-sk
|
52b293a662
|
🔷 regex fix
docker / docker_dev (push) Waiting to run
|
2024-07-10 12:48:05 +10:00 |
|
jokob-sk
|
bd52536107
|
⚙ transformers fix
|
2024-07-10 12:22:35 +10:00 |
|
jokob-sk
|
9f44c0de01
|
⚙ NAME_CLEANUP_REGEX #735 #728
|
2024-07-10 11:27:21 +10:00 |
|
jokob-sk
|
41b5de9292
|
⚙ NAME_CLEANUP_REGEX test
docker / docker_dev (push) Waiting to run
|
2024-07-09 23:30:09 +10:00 |
|
jokob-sk
|
95d5dbcf68
|
🔌 MQTT - do not send UNKNOWN + expose DEVICES_SQL
|
2024-07-09 23:09:42 +10:00 |
|