Backup_Repos/Radarr
1
0
Fork 0
mirror of https://github.com/Radarr/Radarr synced 2026-01-24 08:23:54 +01:00
Code Issues Projects Releases Wiki Activity
13486 commits 42 branches 258 tags 385 MiB
Commit graph

13486 commits

This branch
This branch
All branches
Author SHA1 Message Date
admin
6d17e5eaff Fix SonarCloud bugs: threading, React state, sorting 
Backend:
- S2445: Make _connections readonly in MessageHub.cs to fix locking issue

Frontend:
- S6756: Use callback form of setState when referencing previous state
  - Collection.js, DiscoverMovie.js, ImportMovie.js
  - ImportMovieSelectMovie.js, EditQualityProfileModalContentConnector.js
- S2871: Add localeCompare for proper alphabetical sorting
  - Collection.js, DiscoverMovie.js, MovieIndex.tsx
- S1764: Remove duplicate condition in QualityProfileSelectInput.tsx
 2025-12-19 15:15:24 -06:00
Cody Kickertz
220eba471b
Merge pull request #71 from cheir-mneme/fix/eslint-v9-migration 
Migrate to ESLint 9 flat config
 2025-12-19 15:03:41 -06:00
admin
cca1b47936 Migrate to ESLint 9 flat config 
- Create eslint.config.mjs with ESM flat config format
- Remove legacy .eslintrc.js and .eslintignore
- Remove eslint-plugin-filenames (not ESLint 9 compatible)
- Update lint-staged to use new config
- Clean up unused eslint-disable directives
 2025-12-19 14:44:01 -06:00
Cody Kickertz
32d072dd8a
Merge pull request #70 from cheir-mneme/fix/p4-frontend 
fix(frontend): React quality improvements - keys, types, memoization
 2025-12-19 14:39:40 -06:00
admin
a7852b6fcf fix(frontend): address React and TypeScript quality issues 
- Replace index-as-key antipattern with stable keys (#34)
- Remove TypeScript any types in favor of proper types (#37)
- Memoize inline style objects to prevent unnecessary re-renders (#41)

Files: 17 frontend components updated
 2025-12-19 14:20:40 -06:00
Cody Kickertz
0366c8f258
Merge pull request #68 from cheir-mneme/fix/p4-backend 
perf: backend optimizations for regex caching and O(n*m) patterns
 2025-12-19 13:45:24 -06:00
Cody Kickertz
fcb1c783f7
Merge pull request #69 from cheir-mneme/fix/p4-audit-security 
fix(security): address audit findings - path validation and ReDoS
 2025-12-19 13:33:59 -06:00
admin
189039c875 fix(security): add path validation to OpenWriteStream and regex timeouts 
- DiskProviderBase: Add Ensure.That path validation to OpenWriteStream
- CleanseLogMessage: Add 5-second timeout to all 22 regex patterns to prevent ReDoS
 2025-12-19 13:22:25 -06:00
admin
dda89e2fda Optimize O(n*m) Contains patterns with HashSet 
- MovieService.FindByTitle: Convert title lists to HashSets
- MoviesSearchService: Convert queue IDs to HashSet
 2025-12-19 13:11:07 -06:00
admin
0e5abe56f0 Cache regex instances as static compiled fields 
- SkyHookProxy: Cache IMDB/TMDB URL regexes
- PushsaferSettings: Cache hex color validation regex
- Parser: Cache IMDB ID validation regex
 2025-12-19 13:08:40 -06:00
Cody Kickertz
b85eb4fcde
Merge pull request #67 from cheir-mneme/fix/p3-security 
fix(security): P3 security vulnerabilities and mitigations
 2025-12-19 12:27:44 -06:00
admin
019f0862b3 fix(security): address P3 vulnerabilities and add mitigations 
Security fixes:
- XXE prevention: disable XmlResolver in UTorrentProxy.cs (#42)
- Path traversal: validate paths in LogFileController.cs (#44)
- Path traversal: validate paths in MediaCoverController.cs (#44)
- ReDoS mitigation: add 5s timeout to user regex patterns

Documentation:
- CORS: document security rationale in Startup.cs (#43)

Closes #42, #43, #44
Related: #59, #60, #61 (SonarCloud triage - GitHub alerts now at 0 open)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2025-12-19 12:12:54 -06:00
Cody Kickertz
f7fca51da7
Merge pull request #66 from cheir-mneme/fix/p2-ci-tooling 
fix(ci): P2 improvements - editorconfig, integration tests, Prettier 3
 2025-12-19 12:00:25 -06:00
admin
7961b36547 fix(ci): P2 improvements - editorconfig, integration tests, Prettier 3 
- Remove duplicate dotnet_style_qualification rules in .editorconfig
- Update Radarr branding to Aletheia in .editorconfig
- Add integration tests step to build.yml (with continue-on-error)
- Upgrade Prettier to 3.7.4, eslint-plugin-prettier to 5.5.4
- Upgrade eslint-config-prettier to 10.1.8
- Fix pre-existing lint errors (unused vars, radix parameter)
- Reformat frontend code with Prettier 3 formatting changes

Closes #57 (SonarCloud deferred - needs org setup)
Closes #58, #62 (partial - ESLint 9 deferred), #63

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2025-12-19 11:46:44 -06:00
Cody Kickertz
b10c795c24
Merge pull request #65 from cheir-mneme/fix/ci-p1-workflow 
fix(ci): add CODEOWNERS, enable test blocking, add pre-commit hooks
 2025-12-19 11:29:59 -06:00
admin
1fcbee8227 chore: update yarn.lock with husky and lint-staged 2025-12-19 11:13:45 -06:00
admin
37ed597adf fix(ci): add CODEOWNERS, enable test blocking, add pre-commit hooks 2025-12-19 11:03:07 -06:00
Cody Kickertz
ca643b656e
Merge pull request #64 from cheir-mneme/fix/ci-p0-cleanup 
fix(ci): pin Trivy action and update branding
 2025-12-19 10:53:53 -06:00
admin
c0ae8a8506 fix(ci): pin Trivy action and update branding 2025-12-19 10:44:32 -06:00
admin
a57775a9ee fix: thread-safe SHA1 hashing in HashConverter 2025-12-19 10:29:44 -06:00
admin
1fe49f6bf2 test: add IMDb list error message verification tests 2025-12-19 10:15:33 -06:00
Cody Kickertz
7b4f77604f
Merge pull request #49 from cheir-mneme/fix/technical-debt-cleanup 
fix: Remaining technical debt bugs (Bug-001, Bug-006)
 2025-12-19 10:03:38 -06:00
admin
0dc6442986 Fix CancellationTokenSource resource leaks (BLOCKER severity) 
- ManagedHttpDispatcher: Dispose quickFailCts and linkedTokenSource in finally block
- CommandExecutor: Dispose _cancellationTokenSource on shutdown
- Scheduler: Dispose _cancellationTokenSource on shutdown
- IntegrationTestBase: Store CTS as field and dispose in TearDown

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2025-12-19 09:35:35 -06:00
admin
e2b2227a17 Fix blocking semaphore in MediaCoverService 
Convert _semaphore.Wait() to async pattern with WaitAsync()
to prevent thread blocking during image resizing operations.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2025-12-19 09:26:41 -06:00
admin
f435f38a27 Fix remaining technical debt bugs 
- Bug-001: Add null check for SingleOrDefault() in TorrentRssParser
- Bug-006: Replace generic Exception with PathCombinationException in OsPath
- Bug-006: Replace generic Exception with NotSupportedException in IMDbListRequestGenerator
 2025-12-19 09:05:54 -06:00
Cody Kickertz
d82f07e872
Merge pull request #31 from cheir-mneme/fix/sonarcloud-cleanup 
refactor: SonarCloud technical debt cleanup
 2025-12-19 08:42:54 -06:00
admin
79e3a6b126 Fix CodeQL rule ID for insecure-direct-object-reference 2025-12-18 21:42:06 -06:00
admin
320371ab71 Remove SonarCloud CI workflow - conflicts with automatic analysis 2025-12-18 21:30:57 -06:00
admin
09174a6303 Remove sonar-project.properties - not supported by SonarScanner for .NET 2025-12-18 21:25:33 -06:00
admin
94ff8a3874 Add CI-based SonarCloud workflow with rule exclusions 2025-12-18 21:21:09 -06:00
admin
809dfdafab Suppress S5145 log injection false positive in editorconfig 2025-12-18 21:15:30 -06:00
admin
c674213d5f Exclude SonarCloud S5145 false positive log injection warnings 2025-12-18 21:08:44 -06:00
admin
fd2f703f52 Exclude additional CodeQL false positives for single-user app 2025-12-18 21:00:20 -06:00
admin
607f9f78b4 Update CodeQL config to exclude path-injection and use security-extended 2025-12-18 20:49:12 -06:00
admin
a01460aaa8 Trigger CI after disabling default CodeQL 2025-12-18 20:39:15 -06:00
admin
13089c8656 Fix CodeQL qlpack.yml - add library: true 2025-12-18 20:32:06 -06:00
admin
adced83df6 Add custom CodeQL config to exclude log-forging false positives 2025-12-18 20:27:33 -06:00
admin
1190d218af Add log sanitization for CodeQL log forging alerts 2025-12-18 20:17:42 -06:00
admin
b1f50bae97 Fix deadlock risk in ReleasePushController with async SemaphoreSlim 2025-12-18 20:02:15 -06:00
admin
2b19ec07ff fix: resolve technical debt and npm vulnerabilities 
NPM Security (0 vulnerabilities remaining):
- Add yarn resolutions for cross-spawn, brace-expansion, color-string, glob, postcss

Bug fixes:
- Bug-002: Use FirstOrDefault with null check (DownloadStationTaskProxyV2)
- Bug-007: Fix inverted exception logic for magnet fallback (TorrentClientBase)
- Bug-008: Fix stale closure using ref (MovieSearchInput)
- Bug-009: Fix Number.Number.parseInt typos across 50+ files
- Bug-010: Add regex timeout and Compiled flag (RegexReplace)
- Bug-011: Add null checks for XML queries (ConfigFileProvider)
- Bug-012: Remove empty touch handler (MovieDetails)
- Bug-013: Use Path.GetFileName for safer check (InstallUpdateService)
- Bug-014: Return Ok instead of Accepted for sync PUT (MovieController)
- Bug-016: Fix double bracket typo in log message (InstallUpdateService)
- Bug-017: Add console.warn to catch block (MovieTagInput)
- Bug-018: Remove stray debug console.log (SignalRConnector)
- Bug-019: Document disabled regex with ReDoS justification (Parser)
 2025-12-18 19:54:02 -06:00
admin
5c51367bec fix(security): sanitize user-controlled strings in log statements 
Add SanitizeForLog() extension method to prevent log forging attacks
by replacing control characters (newlines, etc.) with spaces. Applied
across 30 files that log user-controlled data like paths, titles,
URLs, and usernames.

Fixes CodeQL log-forging alerts.
 2025-12-18 17:17:02 -06:00
admin
4f74e2aa1d docs: remove tech debt tracking from repo (moved to wrapper) 2025-12-18 16:51:17 -06:00
admin
59bb2cf4be docs: add comprehensive technical debt tracking 2025-12-18 16:49:27 -06:00
admin
3202b6bfe8 ci: remove sonarcloud workflow (conflicts with automatic analysis) 2025-12-18 16:47:49 -06:00
admin
9c0e11b40b refactor: remove redundant boolean literals (S1125) 
Replace == false with negation operator, remove == true comparisons
 2025-12-18 16:31:05 -06:00
Cody Kickertz
79f6da9707
Update README for clarity and typo corrections 
Corrected typos and improved clarity in the README.
 2025-12-18 16:20:31 -06:00
admin
9526078d16 refactor: use Number.parseInt/parseFloat/isNaN (S7773) 
Use Number static methods instead of global functions for better
clarity and consistency.
 2025-12-18 16:19:34 -06:00
admin
021fd9b55e perf: use char overloads for StartsWith/EndsWith (S6610) 
Use single character overloads instead of single-character string
overloads for better performance.
 2025-12-18 16:17:37 -06:00
admin
6b67a1672c refactor: seal non-derived private classes (S3260) 
63 private nested classes marked as sealed since they have no derived classes.
 2025-12-18 16:05:31 -06:00
admin
b5bcb14d75 refactor: make methods static where instance data not used (S2325) 
~243 methods converted to static where they don't access instance data.
Fixed call sites that needed to use type name instead of instance.
 2025-12-18 16:02:13 -06:00