fix: address all final review findings for Phase 3

- CRITICAL: Fix command injection in discoveryService (execFile instead
  of exec, path validation regex)
- CRITICAL: Add Zod validation on discover API endpoint
- HIGH: Add Zod validation on discover/approve endpoint
- HIGH: Add array length limits to import schema (1000/100/100)
- HIGH: Fix theme broadcast echo loop (setTimeout vs queueMicrotask)
- MEDIUM: Singleton BroadcastChannel instead of create-per-send
- MEDIUM: Exclude sensitive APIs from service worker cache
- MEDIUM: Fix TypeScript cast errors in exportService tests
2026-03-25 01:28:24 +03:00
parent 7d8a8fb0fc
commit 395ed821b7
9 changed files with 72 additions and 50 deletions
@@ -102,8 +102,8 @@ describe('exportService', () => {
healthcheckTimeout: 5000
});
// Internal fields should not be present
expect((result.apps[0] as Record<string, unknown>).id).toBeUndefined();
expect((result.apps[0] as Record<string, unknown>).createdById).toBeUndefined();
expect((result.apps[0] as unknown as Record<string, unknown>).id).toBeUndefined();
expect((result.apps[0] as unknown as Record<string, unknown>).createdById).toBeUndefined();
});
it('maps boards with nested sections and widgets', async () => {
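Review bot: The new assertions still only check that `.id` and `.createdById` read as undefined, which also passes when the export emits the key with an undefined value, so the "Internal fields should not be present" comment is stronger than what is tested; the double cast `as unknown as Record<string, unknown>` only exists to make that property read type-check. Asserting absence of the key directly needs no cast and matches the comment's intent: `expect(result.apps[0]).not.toHaveProperty('id');` and `expect(result.apps[0]).not.toHaveProperty('createdById');`. This is the kind of check that keeps an exported document from accidentally carrying internal identifiers, so it is worth making it exact. The enclosing `it(...)` block starts before this hunk.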