implemented the Campaign Budget Threshold Alerts feature.#376
Open
memplethee-lab wants to merge 7 commits intoPulsefy:mainfrom
Open
implemented the Campaign Budget Threshold Alerts feature.#376memplethee-lab wants to merge 7 commits intoPulsefy:mainfrom
memplethee-lab wants to merge 7 commits intoPulsefy:mainfrom
Conversation
|
@memplethee-lab Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
Contributor
Contributor
Author
- Add comprehensive file upload security validation * Enforce 10MB maximum file size * Whitelist 8 allowed MIME types (images, PDFs, documents) * Whitelist 9 allowed file extensions * Reject path traversal attempts (.., /, \) * Block null byte injection * Enforce single file upload only * Validate filename safety (max 255 chars, no empty names) - Create multer configuration with security options * Centralized upload validation in multer.config.ts * Export validation functions for unit testing * Proper TypeScript typing for error handling - Add comprehensive test coverage * 17 unit tests for validation functions (all passing) * 22 e2e tests for boundary and security scenarios * Tests for malicious file rejection (.exe, .php, .js, .bat) * Tests for path traversal prevention * Tests for file size boundaries - Fix linting errors * Remove unused User import from budget-alerts.service.ts * Fix unsafe any type in handleMulterError function * Add eslint-disable comments for Jest mock methods * Apply Prettier formatting to all new files - Update dependencies * Add multer ^1.4.5-lts.1 to backend package.json Security improvements: ✅ File size limit enforcement ✅ MIME type validation ✅ File extension validation ✅ Path traversal protection ✅ Multiple file upload prevention ✅ Null byte injection protection ✅ Filename length validation Closes Pulsefy#245
Contributor
|
Please fix failing test |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #245;
Closes #258