679b89ae4c
Security Validation (enhance-security-validation): - JWT secret validation with entropy checking and pattern detection - CSRF protection middleware with token generation/validation - Frontend CSRF token auto-injection for DELETE/PUT/PATCH requests - MIME type validation with magic bytes detection for file uploads Error Resilience (add-error-resilience): - React ErrorBoundary component with fallback UI and retry functionality - ErrorBoundaryWithI18n wrapper for internationalization support - Page-level and section-level error boundaries in App.tsx Query Performance (optimize-query-performance): - Query monitoring utility with threshold warnings - N+1 query fixes using joinedload/selectinload - Optimized project members, tasks, and subtasks endpoints Bug Fixes: - WebSocket session management (P0): Return primitives instead of ORM objects - LIKE query injection (P1): Escape special characters in search queries Tests: 543 backend tests, 56 frontend tests passing Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
967 B
967 B
ADDED Requirements
Requirement: File MIME Type Validation
The system SHALL validate file content type using magic bytes detection.
Scenario: Valid file with matching extension
- WHEN a user uploads a file
- AND the detected MIME type matches the file extension
- THEN the upload SHALL be accepted
Scenario: Spoofed file extension rejected
- WHEN a user uploads a file with extension
.jpg - AND the actual content is detected as
application/x-executable - THEN the upload SHALL be rejected with error "File type mismatch"
Scenario: Unsupported MIME type rejected
- WHEN a user uploads a file with an unsupported MIME type
- THEN the upload SHALL be rejected with error "Unsupported file type"
Scenario: MIME validation bypass for trusted sources
- WHEN a file is uploaded from a trusted internal source
- AND the system is configured to allow bypass
- THEN MIME validation MAY be skipped