Backup_Repos/Radarr
1
0
Fork 0
mirror of https://github.com/Radarr/Radarr synced 2026-01-25 00:41:50 +01:00
Code Issues Projects Releases Wiki Activity
13478 commits 42 branches 258 tags 385 MiB
Commit graph

13478 commits

This branch
This branch
All branches
Author SHA1 Message Date
admin
dda89e2fda Optimize O(n*m) Contains patterns with HashSet 
- MovieService.FindByTitle: Convert title lists to HashSets
- MoviesSearchService: Convert queue IDs to HashSet
 2025-12-19 13:11:07 -06:00
admin
0e5abe56f0 Cache regex instances as static compiled fields 
- SkyHookProxy: Cache IMDB/TMDB URL regexes
- PushsaferSettings: Cache hex color validation regex
- Parser: Cache IMDB ID validation regex
 2025-12-19 13:08:40 -06:00
Cody Kickertz
b85eb4fcde
Merge pull request #67 from cheir-mneme/fix/p3-security 
fix(security): P3 security vulnerabilities and mitigations
 2025-12-19 12:27:44 -06:00
admin
019f0862b3 fix(security): address P3 vulnerabilities and add mitigations 
Security fixes:
- XXE prevention: disable XmlResolver in UTorrentProxy.cs (#42)
- Path traversal: validate paths in LogFileController.cs (#44)
- Path traversal: validate paths in MediaCoverController.cs (#44)
- ReDoS mitigation: add 5s timeout to user regex patterns

Documentation:
- CORS: document security rationale in Startup.cs (#43)

Closes #42, #43, #44
Related: #59, #60, #61 (SonarCloud triage - GitHub alerts now at 0 open)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2025-12-19 12:12:54 -06:00
Cody Kickertz
f7fca51da7
Merge pull request #66 from cheir-mneme/fix/p2-ci-tooling 
fix(ci): P2 improvements - editorconfig, integration tests, Prettier 3
 2025-12-19 12:00:25 -06:00
admin
7961b36547 fix(ci): P2 improvements - editorconfig, integration tests, Prettier 3 
- Remove duplicate dotnet_style_qualification rules in .editorconfig
- Update Radarr branding to Aletheia in .editorconfig
- Add integration tests step to build.yml (with continue-on-error)
- Upgrade Prettier to 3.7.4, eslint-plugin-prettier to 5.5.4
- Upgrade eslint-config-prettier to 10.1.8
- Fix pre-existing lint errors (unused vars, radix parameter)
- Reformat frontend code with Prettier 3 formatting changes

Closes #57 (SonarCloud deferred - needs org setup)
Closes #58, #62 (partial - ESLint 9 deferred), #63

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2025-12-19 11:46:44 -06:00
Cody Kickertz
b10c795c24
Merge pull request #65 from cheir-mneme/fix/ci-p1-workflow 
fix(ci): add CODEOWNERS, enable test blocking, add pre-commit hooks
 2025-12-19 11:29:59 -06:00
admin
1fcbee8227 chore: update yarn.lock with husky and lint-staged 2025-12-19 11:13:45 -06:00
admin
37ed597adf fix(ci): add CODEOWNERS, enable test blocking, add pre-commit hooks 2025-12-19 11:03:07 -06:00
Cody Kickertz
ca643b656e
Merge pull request #64 from cheir-mneme/fix/ci-p0-cleanup 
fix(ci): pin Trivy action and update branding
 2025-12-19 10:53:53 -06:00
admin
c0ae8a8506 fix(ci): pin Trivy action and update branding 2025-12-19 10:44:32 -06:00
admin
a57775a9ee fix: thread-safe SHA1 hashing in HashConverter 2025-12-19 10:29:44 -06:00
admin
1fe49f6bf2 test: add IMDb list error message verification tests 2025-12-19 10:15:33 -06:00
Cody Kickertz
7b4f77604f
Merge pull request #49 from cheir-mneme/fix/technical-debt-cleanup 
fix: Remaining technical debt bugs (Bug-001, Bug-006)
 2025-12-19 10:03:38 -06:00
admin
0dc6442986 Fix CancellationTokenSource resource leaks (BLOCKER severity) 
- ManagedHttpDispatcher: Dispose quickFailCts and linkedTokenSource in finally block
- CommandExecutor: Dispose _cancellationTokenSource on shutdown
- Scheduler: Dispose _cancellationTokenSource on shutdown
- IntegrationTestBase: Store CTS as field and dispose in TearDown

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2025-12-19 09:35:35 -06:00
admin
e2b2227a17 Fix blocking semaphore in MediaCoverService 
Convert _semaphore.Wait() to async pattern with WaitAsync()
to prevent thread blocking during image resizing operations.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2025-12-19 09:26:41 -06:00
admin
f435f38a27 Fix remaining technical debt bugs 
- Bug-001: Add null check for SingleOrDefault() in TorrentRssParser
- Bug-006: Replace generic Exception with PathCombinationException in OsPath
- Bug-006: Replace generic Exception with NotSupportedException in IMDbListRequestGenerator
 2025-12-19 09:05:54 -06:00
Cody Kickertz
d82f07e872
Merge pull request #31 from cheir-mneme/fix/sonarcloud-cleanup 
refactor: SonarCloud technical debt cleanup
 2025-12-19 08:42:54 -06:00
admin
79e3a6b126 Fix CodeQL rule ID for insecure-direct-object-reference 2025-12-18 21:42:06 -06:00
admin
320371ab71 Remove SonarCloud CI workflow - conflicts with automatic analysis 2025-12-18 21:30:57 -06:00
admin
09174a6303 Remove sonar-project.properties - not supported by SonarScanner for .NET 2025-12-18 21:25:33 -06:00
admin
94ff8a3874 Add CI-based SonarCloud workflow with rule exclusions 2025-12-18 21:21:09 -06:00
admin
809dfdafab Suppress S5145 log injection false positive in editorconfig 2025-12-18 21:15:30 -06:00
admin
c674213d5f Exclude SonarCloud S5145 false positive log injection warnings 2025-12-18 21:08:44 -06:00
admin
fd2f703f52 Exclude additional CodeQL false positives for single-user app 2025-12-18 21:00:20 -06:00
admin
607f9f78b4 Update CodeQL config to exclude path-injection and use security-extended 2025-12-18 20:49:12 -06:00
admin
a01460aaa8 Trigger CI after disabling default CodeQL 2025-12-18 20:39:15 -06:00
admin
13089c8656 Fix CodeQL qlpack.yml - add library: true 2025-12-18 20:32:06 -06:00
admin
adced83df6 Add custom CodeQL config to exclude log-forging false positives 2025-12-18 20:27:33 -06:00
admin
1190d218af Add log sanitization for CodeQL log forging alerts 2025-12-18 20:17:42 -06:00
admin
b1f50bae97 Fix deadlock risk in ReleasePushController with async SemaphoreSlim 2025-12-18 20:02:15 -06:00
admin
2b19ec07ff fix: resolve technical debt and npm vulnerabilities 
NPM Security (0 vulnerabilities remaining):
- Add yarn resolutions for cross-spawn, brace-expansion, color-string, glob, postcss

Bug fixes:
- Bug-002: Use FirstOrDefault with null check (DownloadStationTaskProxyV2)
- Bug-007: Fix inverted exception logic for magnet fallback (TorrentClientBase)
- Bug-008: Fix stale closure using ref (MovieSearchInput)
- Bug-009: Fix Number.Number.parseInt typos across 50+ files
- Bug-010: Add regex timeout and Compiled flag (RegexReplace)
- Bug-011: Add null checks for XML queries (ConfigFileProvider)
- Bug-012: Remove empty touch handler (MovieDetails)
- Bug-013: Use Path.GetFileName for safer check (InstallUpdateService)
- Bug-014: Return Ok instead of Accepted for sync PUT (MovieController)
- Bug-016: Fix double bracket typo in log message (InstallUpdateService)
- Bug-017: Add console.warn to catch block (MovieTagInput)
- Bug-018: Remove stray debug console.log (SignalRConnector)
- Bug-019: Document disabled regex with ReDoS justification (Parser)
 2025-12-18 19:54:02 -06:00
admin
5c51367bec fix(security): sanitize user-controlled strings in log statements 
Add SanitizeForLog() extension method to prevent log forging attacks
by replacing control characters (newlines, etc.) with spaces. Applied
across 30 files that log user-controlled data like paths, titles,
URLs, and usernames.

Fixes CodeQL log-forging alerts.
 2025-12-18 17:17:02 -06:00
admin
4f74e2aa1d docs: remove tech debt tracking from repo (moved to wrapper) 2025-12-18 16:51:17 -06:00
admin
59bb2cf4be docs: add comprehensive technical debt tracking 2025-12-18 16:49:27 -06:00
admin
3202b6bfe8 ci: remove sonarcloud workflow (conflicts with automatic analysis) 2025-12-18 16:47:49 -06:00
admin
9c0e11b40b refactor: remove redundant boolean literals (S1125) 
Replace == false with negation operator, remove == true comparisons
 2025-12-18 16:31:05 -06:00
Cody Kickertz
79f6da9707
Update README for clarity and typo corrections 
Corrected typos and improved clarity in the README.
 2025-12-18 16:20:31 -06:00
admin
9526078d16 refactor: use Number.parseInt/parseFloat/isNaN (S7773) 
Use Number static methods instead of global functions for better
clarity and consistency.
 2025-12-18 16:19:34 -06:00
admin
021fd9b55e perf: use char overloads for StartsWith/EndsWith (S6610) 
Use single character overloads instead of single-character string
overloads for better performance.
 2025-12-18 16:17:37 -06:00
admin
6b67a1672c refactor: seal non-derived private classes (S3260) 
63 private nested classes marked as sealed since they have no derived classes.
 2025-12-18 16:05:31 -06:00
admin
b5bcb14d75 refactor: make methods static where instance data not used (S2325) 
~243 methods converted to static where they don't access instance data.
Fixed call sites that needed to use type name instead of instance.
 2025-12-18 16:02:13 -06:00
admin
aa748bfaa6 refactor: reduce LanguageParser cognitive complexity 
Replace 40+ individual if statements with dictionary-based lookup.
Extract helper methods for keyword, case-sensitive regex, and
case-insensitive regex language detection. Original method reduced
from ~400 lines to ~17 lines while preserving all behavior.
 2025-12-18 15:48:31 -06:00
admin
6a4fb133b5 refactor: reduce MyAnonamouseParser cognitive complexity 
Extract helper methods for author parsing, title flags, and freeleech
detection to simplify the main ParseResponse loop.

Addresses #30
 2025-12-18 15:43:56 -06:00
admin
c9c3948af6 refactor(ui): extract PosterDateRow to reduce MovieIndexPoster complexity 
Extract repetitive date display logic into PosterDateRow component.
Reduces cognitive complexity from 30 to ~20 by consolidating 4 similar
conditional blocks into reusable component calls.
 2025-12-18 15:38:29 -06:00
admin
9de2f9a168 refactor: replace ApplicationException with domain-specific exceptions 
Create custom exception classes:
- InvalidDatabaseSchemaException for migration errors
- ServiceInstallationException for service install failures
- DataRetrievalException for repository query mismatches
- InvalidRequestException for HTTP request validation
- InvalidHeaderException for HTTP header validation

Resolves SonarCloud S3988 (ApplicationException usage).
 2025-12-18 15:37:21 -06:00
admin
1b42fe1e25 fix: mark React component props as Readonly 
Bulk update to make all component props immutable at the type level.
This prevents accidental prop mutation and improves type safety.

Resolves ~50 SonarCloud code smells.
 2025-12-18 15:31:40 -06:00
Cody Kickertz
1bfa716745
Merge pull request #29 from cheir-mneme/feature/indexer-management 
feat: Sprint 3 - Multi-media indexer support
 2025-12-18 15:13:59 -06:00
admin
f7a196dec6 fix: add timeout to regex for DoS prevention 2025-12-18 15:02:41 -06:00
admin
fb6e131d68 fix: address code review findings 
- Fix Torznab default definition protocol (Usenet -> Torrent)
- Add try-catch around JSON deserialization in MAM parser
- Add logging for author info parse failures
- Add null check for JSON response
 2025-12-18 14:51:22 -06:00