nordabiz

maciejpi/nordabiz

Fork 0

Commit Graph

Author	SHA1	Message	Date
Maciej Pienczyn	e718d96a7d	fix(security): Resolve 1 HIGH and 7 MEDIUM vulnerabilities from code review Some checks are pending NordaBiz Tests / Unit & Integration Tests (push) Waiting to run Details NordaBiz Tests / E2E Tests (Playwright) (push) Blocked by required conditions Details NordaBiz Tests / Smoke Tests (Production) (push) Blocked by required conditions Details NordaBiz Tests / Send Failure Notification (push) Blocked by required conditions Details - HIGH: Fix SQL injection in ZOPK knowledge service (3 functions) — replace f-strings with parameterized queries - MEDIUM: Sanitize tsquery/LIKE input in SearchService to prevent injection - MEDIUM: Add @login_required + @role_required(ADMIN) to /health/full endpoint - MEDIUM: Add @role_required(ADMIN) to ZOPK knowledge search API - MEDIUM: Add bleach HTML sanitization on write for announcements, events, board proceedings (stored XSS via \|safe) - MEDIUM: Remove partial API key from Gemini service logs - MEDIUM: Remove @csrf.exempt from chat endpoints, add X-CSRFToken headers in JS - MEDIUM: Add missing CSRF tokens to 3 POST forms (data_request, benefits_form, benefits_list) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-06 05:25:18 +01:00
Maciej Pienczyn	cebe52f303	refactor: Rebranding i aktualizacja modelu AI - Zmiana nazwy: "Norda Biznes Hub" → "Norda Biznes Partner" - Aktualizacja modelu AI: Gemini 2.0 Flash → Gemini 3 Flash - Zachowano historyczne odniesienia w timeline i dokumentacji Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-29 14:08:39 +01:00
Maciej Pienczyn	02fc67bf40	Initial commit	2026-01-01 14:01:49 +01:00

Author

SHA1

Message

Date

Maciej Pienczyn

e718d96a7d

fix(security): Resolve 1 HIGH and 7 MEDIUM vulnerabilities from code review

NordaBiz Tests / Unit & Integration Tests (push) Waiting to run

Details

NordaBiz Tests / E2E Tests (Playwright) (push) Blocked by required conditions

Details

NordaBiz Tests / Smoke Tests (Production) (push) Blocked by required conditions

Details

NordaBiz Tests / Send Failure Notification (push) Blocked by required conditions

Details

- HIGH: Fix SQL injection in ZOPK knowledge service (3 functions) — replace f-strings with parameterized queries
- MEDIUM: Sanitize tsquery/LIKE input in SearchService to prevent injection
- MEDIUM: Add @login_required + @role_required(ADMIN) to /health/full endpoint
- MEDIUM: Add @role_required(ADMIN) to ZOPK knowledge search API
- MEDIUM: Add bleach HTML sanitization on write for announcements, events, board proceedings (stored XSS via |safe)
- MEDIUM: Remove partial API key from Gemini service logs
- MEDIUM: Remove @csrf.exempt from chat endpoints, add X-CSRFToken headers in JS
- MEDIUM: Add missing CSRF tokens to 3 POST forms (data_request, benefits_form, benefits_list)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-06 05:25:18 +01:00

Maciej Pienczyn

cebe52f303

refactor: Rebranding i aktualizacja modelu AI

- Zmiana nazwy: "Norda Biznes Hub" → "Norda Biznes Partner"
- Aktualizacja modelu AI: Gemini 2.0 Flash → Gemini 3 Flash
- Zachowano historyczne odniesienia w timeline i dokumentacji

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-29 14:08:39 +01:00

Maciej Pienczyn

02fc67bf40

Initial commit

2026-01-01 14:01:49 +01:00

3 Commits