swagger-tools/docs
rimskij d7f354b37d feat: add security hardening for ReDoS, path traversal, and SSRF
- Add input-validation.ts with regex, path, and URL validation utilities
- Validate regex patterns before RegExp creation to prevent ReDoS
- Block dangerous nested quantifiers (a+)+, (a*)+, etc.
- Prevent path traversal with directory escape detection
- Block localhost, private IPs, and non-http/https protocols for SSRF
- Add SecurityOptions for configurable validation (allowPrivateIPs, etc.)
- Include 33 security tests (unit + integration)

Fixes #362

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-12 18:20:26 +01:00
analysis feat: add TypeScript generation options to generate-types tool 2026-01-12 15:42:39 +01:00
handoffs docs: add handoff documentation 2026-01-12 15:17:11 +01:00
implementations feat: add security hardening for ReDoS, path traversal, and SSRF 2026-01-12 18:20:26 +01:00
tasks feat: add security hardening for ReDoS, path traversal, and SSRF 2026-01-12 18:20:26 +01:00