fix(conf): harden settings validation for security and correctness (#2876)
* fix(conf): harden settings validation for security and correctness
Tighten input validation across settings to reject invalid values that
were previously accepted silently:
- Reject zero and negative realtime intervals, cap at 24h
- Strip HTML tags from site name (defense in depth against stored XSS)
- Reject path traversal (..) and absolute paths in audio export path
- Validate EQ filter frequency > 0 and Q > 0 for both global and
per-source equalizers, with upper bounds
- Add dynamic threshold cross-field validation: min <= trigger,
validHours > 0 when enabled, both in [0,1] range
- Default empty BirdNET locale to "en" instead of leaving it blank
- Validate weather provider against known values
- Reject negative retention maxAge (parsed duration) and negative
minClips regardless of retention policy
- Fix pre-existing goconst lint issue in test_helpers.go
* fix(api): update test settings to satisfy stricter validation
The validation hardening requires positive realtime interval, non-empty
BirdNET locale, and relative export paths. Update the API v2 test
helper to provide valid defaults so existing PATCH tests continue to
pass with the stricter checks.
* fix(conf): address review feedback on validation hardening
- Move MinClips check above empty-policy early return so negative
values are rejected regardless of retention policy
- Rename misleading test case from "windows absolute rejected" to
"windows-style path treated as relative on unix"
* fix(conf): add per-stream EQ validation and update test expectations
Add EQ filter validation for per-stream equalizer settings (was missing
after per-source and global EQ were covered). Update malicious input
test to accept 400 responses for path traversal (now correctly rejected
at validation time). Update export path assertion in settings update
test to match relative path default.
* fix(conf): use require.NoError in validation tests and remove unused import
- Replace ignored ValidateSettings return with require.NoError so
tests abort on unexpected validation failures
- Add SessionDuration to createMinimalValidSettings for completeness
- Remove unused math import from validate_audio.go
* fix(conf): reject NaN floats and null bytes in validation
Address review feedback from Gemini peer review:
- Reject NaN values in EQ filter frequency/Q and dynamic threshold
trigger/min fields. NaN comparisons always return false in Go, so
NaN would bypass all range checks. YAML supports .nan literals.
- Reject null bytes in export path. While Go's os package rejects
them at runtime, catching them at validation time gives a clear
error message.
- Add tests for NaN and null byte edge cases.
* fix(api): remove synctest from settings concurrent tests
handleSettingsChanges spawns a background goroutine with time.Sleep
between control channel sends. When this runs inside a synctest bubble,
the sleeping goroutine outlives the test function and triggers the
deadlock detector: "main bubble goroutine has exited but blocked
goroutines remain".
Replace synctest.Test with regular WaitGroup.Go for the two affected
scenarios. These tests verify data consistency under concurrent access,
not timing behavior, so synctest provides no benefit here.
* fix(conf): treat zero realtime interval as default for upgrade compat
Existing configs may have interval: 0 explicitly set. Rather than
failing validation on upgrade, coerce 0 to the default (15s) with a
warning log, matching the SpeciesConfig.Interval pattern where 0 means
"use default". Negative values remain rejected.
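
The NaN bypass described in the commit message above, as an added Go example that is not the project's own code: a range check written as "reject if out of range" accepts NaN, while an explicit `math.IsNaN` test rejects it with a clear error. The `EQFilter` type, the function names and the upper bounds are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Hypothetical upper bounds; the commit says bounds exist but not their values.
const maxFreqHz, maxQ = 20000.0, 100.0

// EQFilter is a hypothetical stand-in for one equalizer filter setting.
type EQFilter struct{ Frequency, Q float64 }

// naiveValidate rejects out-of-range values only. Every ordered comparison
// with NaN is false, so a NaN field falls through each check and is accepted.
func naiveValidate(f EQFilter) error {
	if f.Frequency <= 0 || f.Frequency > maxFreqHz {
		return errors.New("frequency out of range")
	}
	if f.Q <= 0 || f.Q > maxQ {
		return errors.New("Q out of range")
	}
	return nil
}

// inRange tests for NaN first so the caller gets a specific error; the range
// test is a positive assertion, which NaN would also fail on its own.
func inRange(name string, v, lo, hi float64) error {
	if math.IsNaN(v) {
		return fmt.Errorf("%s must not be NaN", name)
	}
	if !(v > lo && v <= hi) {
		return fmt.Errorf("%s must be in (%g, %g], got %g", name, lo, hi, v)
	}
	return nil
}

func hardenedValidate(f EQFilter) error {
	if err := inRange("frequency", f.Frequency, 0, maxFreqHz); err != nil {
		return err
	}
	return inRange("Q", f.Q, 0, maxQ)
}

func main() {
	// Constructed input: the value a YAML `.nan` literal decodes to.
	f := EQFilter{Frequency: math.NaN(), Q: 0.7}
	fmt.Println("naive:", naiveValidate(f), "| hardened:", hardenedValidate(f))
}
```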