mirror of
https://github.com/jokob-sk/NetAlertX.git
synced 2025-12-07 09:36:05 -08:00
874b9b070e
This commit addresses multiple SQL injection vulnerabilities identified in the NetAlertX codebase: 1. **Primary Fix - reporting.py datetime injection**: - Fixed f-string SQL injection in down_devices section (line 98) - Replaced direct interpolation with validated integer casting - Added proper timezone offset handling 2. **Code Quality Improvements**: - Fixed type hint error in helper.py (datetime.datetime vs datetime) - Added security documentation and comments - Created comprehensive security test suite 3. **Security Enhancements**: - Documented remaining condition-based injection risks - Added input validation for numeric parameters - Implemented security testing framework **Impact**: Prevents SQL injection attacks through datetime parameters **Testing**: All security tests pass, including syntax validation **Compliance**: Addresses security scan findings (Ruff S608) Fixes #1179 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>