Hacker-Software/opencrm
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
a235c43f4042d29cbd7bbcfbb4ae51a68a39e651
opencrm/backend
T
History
duffyduck a235c43f40 Pentest 70.1 (INFO): GIF/WebP-Whitelist in contract.routes Multer-Filter 
contract.routes Vertragsdokumente: Multer-fileFilter blockte
image/gif + image/webp, obwohl validateUploadedFile sie zulässt.
Folge: GIF mit korrektem MIME 415, mit gespooftem MIME 201. Kein
Sicherheitsproblem (Magic-Byte ist der echte Guard), nur Konsistenz.
2026-06-03 15:21:24 +02:00
..
factory-defaults
factory-defaults: HTML-Templates + Import über UI
2026-05-07 19:26:33 +02:00
prisma
Pentest 24.6 INFO + 26.7 LOW: PENDING-Status sperren + documentPath-Validator
2026-06-02 14:20:13 +02:00
scripts
factory-defaults: builtin-Werkseinstellungen beim Auto-Seed einspielen
2026-05-07 19:41:16 +02:00
src
Pentest 70.1 (INFO): GIF/WebP-Whitelist in contract.routes Multer-Filter
2026-06-03 15:21:24 +02:00
uploads
save email as pdf like an attachment
2026-02-04 19:18:32 +01:00
.env.example
Security-Hardening Runde 17: JWT-TTL + Pentest-Marker-Detection
2026-05-18 20:06:03 +02:00
.gitignore
chore: backend/.env aus Git entfernt + .gitignore klargestellt
2026-05-01 18:35:00 +02:00
docker-entrypoint.sh
Pentest 55.2 + 55.3 HIGH + 55.4 + 53.3: Notes/Document-Auth/Race/Generate
2026-06-01 20:45:39 +02:00
Dockerfile
fix: src/ ins Runtime-Image, damit prisma/*.ts-Wartungsskripte laufen
2026-05-18 15:53:52 +02:00
package-lock.json
security: JWT raus aus localStorage – Refresh-Cookie-Pattern für SPA
2026-05-16 16:06:17 +02:00
package.json
security: JWT raus aus localStorage – Refresh-Cookie-Pattern für SPA
2026-05-16 16:06:17 +02:00
tsconfig.json
first commit
2026-01-29 01:16:54 +01:00