mirrors/homebox
1
0
Fork 0
mirror of https://github.com/sysadminsmedia/homebox.git synced 2025-12-24 06:28:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

ProductBarcode: backend: improve security of image fetching

Browse Source
This commit is contained in:
Crumb Owl
2025-07-06 19:20:53 +00:00
parent 402b8c429e
commit e80e5744f7
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
backend/app/api/handlers/v1/v1_ctrl_product_search.go
View File

@@ -7,6 +7,7 @@ import (
"fmt" "fmt"
"io" "io"
"net/http" "net/http"
"net/url"
"github.com/hay-kot/httpkit/errchain" "github.com/hay-kot/httpkit/errchain"
"github.com/rs/zerolog/log" "github.com/rs/zerolog/log"
@@ -242,6 +243,13 @@ func (ctrl *V1Controller) HandleProductSearchFromBarcode(conf config.BarcodeAPIC
continue continue
} }
// Validate URL is HTTPS
u, err := url.Parse(p.ImageURL)
if err != nil || u.Scheme != "https" {
log.Warn().Msg("Skipping non-HTTPS image URL: " + p.ImageURL)
continue
}
res, err := http.Get(p.ImageURL) res, err := http.Get(p.ImageURL)
if err != nil { if err != nil {
log.Warn().Msg("Cannot fetch image for URL: " + p.ImageURL + ": " + err.Error()) log.Warn().Msg("Cannot fetch image for URL: " + p.ImageURL + ": " + err.Error())