Commit graph

7427 commits

Author SHA1 Message Date
admin
6d17e5eaff Fix SonarCloud bugs: threading, React state, sorting
Backend:
- S2445: Make _connections readonly in MessageHub.cs to fix locking issue

Frontend:
- S6756: Use callback form of setState when referencing previous state
  - Collection.js, DiscoverMovie.js, ImportMovie.js
  - ImportMovieSelectMovie.js, EditQualityProfileModalContentConnector.js
- S2871: Add localeCompare for proper alphabetical sorting
  - Collection.js, DiscoverMovie.js, MovieIndex.tsx
- S1764: Remove duplicate condition in QualityProfileSelectInput.tsx
2025-12-19 15:15:24 -06:00
Cody Kickertz
0366c8f258 Merge pull request #68 from cheir-mneme/fix/p4-backend
perf: backend optimizations for regex caching and O(n*m) patterns
2025-12-19 13:45:24 -06:00
admin
189039c875 fix(security): add path validation to OpenWriteStream and regex timeouts
- DiskProviderBase: Add Ensure.That path validation to OpenWriteStream
- CleanseLogMessage: Add 5-second timeout to all 22 regex patterns to prevent ReDoS
2025-12-19 13:22:25 -06:00
admin
dda89e2fda Optimize O(n*m) Contains patterns with HashSet
- MovieService.FindByTitle: Convert title lists to HashSets
- MoviesSearchService: Convert queue IDs to HashSet
2025-12-19 13:11:07 -06:00
admin
0e5abe56f0 Cache regex instances as static compiled fields
- SkyHookProxy: Cache IMDB/TMDB URL regexes
- PushsaferSettings: Cache hex color validation regex
- Parser: Cache IMDB ID validation regex
2025-12-19 13:08:40 -06:00
admin
019f0862b3 fix(security): address P3 vulnerabilities and add mitigations
Security fixes:
- XXE prevention: disable XmlResolver in UTorrentProxy.cs (#42)
- Path traversal: validate paths in LogFileController.cs (#44)
- Path traversal: validate paths in MediaCoverController.cs (#44)
- ReDoS mitigation: add 5s timeout to user regex patterns

Documentation:
- CORS: document security rationale in Startup.cs (#43)

Closes #42, #43, #44
Related: #59, #60, #61 (SonarCloud triage - GitHub alerts now at 0 open)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-19 12:12:54 -06:00
admin
a57775a9ee fix: thread-safe SHA1 hashing in HashConverter 2025-12-19 10:29:44 -06:00
admin
1fe49f6bf2 test: add IMDb list error message verification tests 2025-12-19 10:15:33 -06:00
admin
0dc6442986 Fix CancellationTokenSource resource leaks (BLOCKER severity)
- ManagedHttpDispatcher: Dispose quickFailCts and linkedTokenSource in finally block
- CommandExecutor: Dispose _cancellationTokenSource on shutdown
- Scheduler: Dispose _cancellationTokenSource on shutdown
- IntegrationTestBase: Store CTS as field and dispose in TearDown

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-19 09:35:35 -06:00
admin
e2b2227a17 Fix blocking semaphore in MediaCoverService
Convert _semaphore.Wait() to async pattern with WaitAsync()
to prevent thread blocking during image resizing operations.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-19 09:26:41 -06:00
admin
f435f38a27 Fix remaining technical debt bugs
- Bug-001: Add null check for SingleOrDefault() in TorrentRssParser
- Bug-006: Replace generic Exception with PathCombinationException in OsPath
- Bug-006: Replace generic Exception with NotSupportedException in IMDbListRequestGenerator
2025-12-19 09:05:54 -06:00
admin
1190d218af Add log sanitization for CodeQL log forging alerts 2025-12-18 20:17:42 -06:00
admin
b1f50bae97 Fix deadlock risk in ReleasePushController with async SemaphoreSlim 2025-12-18 20:02:15 -06:00
admin
2b19ec07ff fix: resolve technical debt and npm vulnerabilities
NPM Security (0 vulnerabilities remaining):
- Add yarn resolutions for cross-spawn, brace-expansion, color-string, glob, postcss

Bug fixes:
- Bug-002: Use FirstOrDefault with null check (DownloadStationTaskProxyV2)
- Bug-007: Fix inverted exception logic for magnet fallback (TorrentClientBase)
- Bug-008: Fix stale closure using ref (MovieSearchInput)
- Bug-009: Fix Number.Number.parseInt typos across 50+ files
- Bug-010: Add regex timeout and Compiled flag (RegexReplace)
- Bug-011: Add null checks for XML queries (ConfigFileProvider)
- Bug-012: Remove empty touch handler (MovieDetails)
- Bug-013: Use Path.GetFileName for safer check (InstallUpdateService)
- Bug-014: Return Ok instead of Accepted for sync PUT (MovieController)
- Bug-016: Fix double bracket typo in log message (InstallUpdateService)
- Bug-017: Add console.warn to catch block (MovieTagInput)
- Bug-018: Remove stray debug console.log (SignalRConnector)
- Bug-019: Document disabled regex with ReDoS justification (Parser)
2025-12-18 19:54:02 -06:00
admin
5c51367bec fix(security): sanitize user-controlled strings in log statements
Add SanitizeForLog() extension method to prevent log forging attacks
by replacing control characters (newlines, etc.) with spaces. Applied
across 30 files that log user-controlled data like paths, titles,
URLs, and usernames.

Fixes CodeQL log-forging alerts.
2025-12-18 17:17:02 -06:00
admin
9c0e11b40b refactor: remove redundant boolean literals (S1125)
Replace == false with negation operator, remove == true comparisons
2025-12-18 16:31:05 -06:00
admin
021fd9b55e perf: use char overloads for StartsWith/EndsWith (S6610)
Use single character overloads instead of single-character string
overloads for better performance.
2025-12-18 16:17:37 -06:00
admin
6b67a1672c refactor: seal non-derived private classes (S3260)
63 private nested classes marked as sealed since they have no derived classes.
2025-12-18 16:05:31 -06:00
admin
b5bcb14d75 refactor: make methods static where instance data not used (S2325)
~243 methods converted to static where they don't access instance data.
Fixed call sites that needed to use type name instead of instance.
2025-12-18 16:02:13 -06:00
admin
aa748bfaa6 refactor: reduce LanguageParser cognitive complexity
Replace 40+ individual if statements with dictionary-based lookup.
Extract helper methods for keyword, case-sensitive regex, and
case-insensitive regex language detection. Original method reduced
from ~400 lines to ~17 lines while preserving all behavior.
2025-12-18 15:48:31 -06:00
admin
6a4fb133b5 refactor: reduce MyAnonamouseParser cognitive complexity
Extract helper methods for author parsing, title flags, and freeleech
detection to simplify the main ParseResponse loop.

Addresses #30
2025-12-18 15:43:56 -06:00
admin
9de2f9a168 refactor: replace ApplicationException with domain-specific exceptions
Create custom exception classes:
- InvalidDatabaseSchemaException for migration errors
- ServiceInstallationException for service install failures
- DataRetrievalException for repository query mismatches
- InvalidRequestException for HTTP request validation
- InvalidHeaderException for HTTP header validation

Resolves SonarCloud S3988 (ApplicationException usage).
2025-12-18 15:37:21 -06:00
admin
f7a196dec6 fix: add timeout to regex for DoS prevention 2025-12-18 15:02:41 -06:00
admin
fb6e131d68 fix: address code review findings
- Fix Torznab default definition protocol (Usenet -> Torrent)
- Add try-catch around JSON deserialization in MAM parser
- Add logging for author info parse failures
- Add null check for JSON response
2025-12-18 14:51:22 -06:00
admin
2045f39037 feat(ui): add media type badge to poster view 2025-12-18 14:42:42 -06:00
admin
bd6f7ece9c feat(indexer): enable book and audiobook support in Newznab/Torznab 2025-12-18 14:37:01 -06:00
admin
2bf1fe4367 feat(indexer): add MyAnonamouse indexer for books and audiobooks 2025-12-18 14:34:50 -06:00
admin
6328e72c96 Merge remote-tracking branch 'origin/develop' into feature/indexer-management 2025-12-18 14:22:33 -06:00
dependabot[bot]
f5bee00f7c Bump the nuget group with 1 update
Bumps System.Private.Uri from 4.3.0 to 4.3.2

---
updated-dependencies:
- dependency-name: System.Private.Uri
  dependency-version: 4.3.2
  dependency-type: direct:production
  dependency-group: nuget
- dependency-name: System.Private.Uri
  dependency-version: 4.3.2
  dependency-type: direct:production
  dependency-group: nuget
...

Signed-off-by: dependabot[bot] <support@github.com>
2025-12-18 20:00:46 +00:00
admin
ef296bc95e feat(indexer): add book/audiobook search criteria
Add search criteria classes and update request generators:
- BookSearchCriteria (Author, Title, ISBN, Publisher, Year)
- AudiobookSearchCriteria (Author, Title, Narrator, ASIN, ISBN)
- Updated IIndexerRequestGenerator interface
- Implemented book/audiobook search in NewznabRequestGenerator
- Added stub implementations to all other request generators
2025-12-18 13:25:20 -06:00
admin
86faa9aef7 feat(indexer): add multi-media type foundation
Add MediaType enum and indexer support for books/audiobooks:
- MediaType enum (Movie, TV, Music, Book, Audiobook, Podcast, Comic)
- NewznabStandardCategory constants for all media types
- Database migration 243 for SupportedMediaTypes column
- Updated IndexerDefinition, IIndexer, IndexerBase
- Updated README with current project status
2025-12-18 13:19:16 -06:00
Cody Kickertz
09b1d24ce8 Merge pull request #17 from cheir-mneme/feature/unpackerr
feat(download): add automatic archive extraction (Unpackerr)
2025-12-18 11:50:53 -06:00
admin
e43ea2682c fix(style): remove unused using, use AsSpan over Substring 2025-12-18 11:38:55 -06:00
admin
0502343800 fix(style): use explicit JsonSerializerOptions type 2025-12-18 11:38:05 -06:00
admin
79481d5491 fix(style): use explicit HashSet type for StyleCop SA1000 2025-12-18 11:22:59 -06:00
admin
ee7da59382 fix(style): use explicit HashSet type for StyleCop SA1000 2025-12-18 11:22:43 -06:00
admin
5c2378a1e6 feat(download): add automatic archive extraction (Unpackerr absorption)
- Add SharpCompress for RAR/7z support
- Extend ArchiveService with RAR, 7z extraction via SharpCompress
- Add DownloadExtractionService for orchestrating extraction
- Add config: AutoExtractArchives (default: false)
- Add config: DeleteArchiveAfterExtraction (default: true)
- Integrate extraction into CompletedDownloadService

Note: UI settings page not yet implemented - backend foundation only.
2025-12-18 11:13:29 -06:00
admin
abfa1bde8b fix(security): address pre-release security blockers
- Reject unknown sender types in certificate validation
- Disable auto-redirect in SkyHookProxy to prevent HTTPS downgrade
- Use proper JSON serialization in InitializeJsonController
- Add whitelist validation for Type.GetType in converters
2025-12-18 11:12:57 -06:00
admin
fbb205c2b6 refactor: remove empty housekeeping classes and commented properties 2025-12-18 10:07:30 -06:00
admin
d9597db83f refactor: rename project from Logarr to Aletheia 2025-12-18 09:41:48 -06:00
admin
ebde5f3a27 fix: resolve build issues for local development 2025-12-17 20:27:48 -06:00
admin
b8c130c73d fix(security): patch SQL injection, path traversal, command injection 2025-12-17 19:30:35 -06:00
admin
b600beb3ea feat(privacy): remove telemetry, analytics, fingerprinting 2025-12-17 18:41:03 -06:00
admin
b6837de9f4 feat: initial project branding and setup 2025-12-17 17:45:37 -06:00
Erik Frantz
4c00729183 Fix: (#11303) collection API error when using Movie CollectionThe (#11304)
Co-authored-by: Bogdan <mynameisbogdan@users.noreply.github.com>
2025-12-10 20:56:11 +01:00
Robin Dadswell
b59ff0a3b1 Skip proxy tests on MacOsX 2025-11-27 10:14:47 +00:00
Stevie Robinson
949922b9a1 New: add TTL setting for pushover notifications
(cherry picked from commit 317cdf15582746bd4e713d6b99e17a21dcb8abeb)
2025-11-19 08:10:22 +01:00
Mark McDowall
90cd8df1ae Add private IPv6 networks
(cherry picked from commit 52972e7efcce800560cbbaa64f5f76aaef6cbe77)
2025-11-09 10:20:36 +00:00
Mark McDowall
7d8444c435 Set known networks to RFC 1918 ranges during startup
(cherry picked from commit d10107739b9ed6a50165e5dd1dfae15c7e8aea56)
2025-10-30 09:37:21 -05:00
Polgonite
1883ae52ac Fixed: qBittorrent /login API success check 2025-10-29 17:59:53 -05:00