odysseus/tests at cb6f6b65ea574cad538771f89592c0ad39e83c2e - odysseus - Gitea: Git with a cup of tea

Salastil/odysseus

mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-16 01:35:36 -04:00

Files

T

History

Ernest Hysa cb6f6b65ea fix(research): validate session_id to block path traversal

Every research endpoint interpolates session_id into filesystem paths
(Path('data/deep_research') / f'{session_id}.json') without checking
for traversal sequences. A crafted ID like '../../data/auth' reaches
arbitrary JSON files — readable via research_detail (which also leaks
file paths in error messages), writable via research_archive, and
deletable via research_delete.

Add _validate_session_id() which rejects anything outside
[a-zA-Z0-9-]{1,128}. Called before filesystem access in all 12
endpoints that accept a session_id path parameter.

2026-06-01 23:25:38 +01:00

..

bombadil-spec.ts

Odysseus v1.0

2026-05-31 23:58:26 +09:00

conftest.py

Odysseus v1.0

2026-05-31 23:58:26 +09:00

test_action_intents.py

Route calendar action requests to tools

2026-06-01 14:32:41 +09:00

test_agent_loop.py

Fix fresh checkout test failures

2026-06-01 02:22:17 +00:00

test_app.py

Fix fresh checkout test failures

2026-06-01 02:22:17 +00:00

test_auth_event_loop.py

Stabilize security regression tests

2026-06-02 05:48:59 +09:00

test_auth_regressions.py

Add native Windows compatibility layer

2026-06-01 15:09:47 +09:00

test_auth_session_revocation.py

Stabilize auth session revocation tests

2026-06-02 06:02:49 +09:00

test_backup_cli_security.py

Harden backup restore tar extraction

2026-06-02 05:55:03 +09:00

test_calendar_owner_scope.py

Stabilize security regression tests

2026-06-02 05:48:59 +09:00

test_calendar_recurrence.py

Fix YEARLY recurring CalDAV events only showing on DTSTART year (#179 )

2026-06-01 13:42:44 +09:00

test_chat_stream_scope.py

Fix chat stream recovery and PDF library indexing (#468 )

2026-06-01 22:33:35 +09:00

test_chroma_client.py

fix: ChromaDB unreachable blocks app startup for 30-60s (#326 ) (#476 )

2026-06-01 22:22:41 +09:00

test_compare_js.py

Fix duplicate compare modal on repeated clicks (#491 )

2026-06-01 22:24:27 +09:00

test_context_compactor.py

Preserve large pasted messages in context

2026-06-01 12:38:35 +09:00

test_cookbook_helpers.py

Allow serving cached local llama.cpp models

2026-06-01 23:10:08 +09:00

test_deep_research_extraction_controls.py

Add Deep Research extraction controls

2026-06-01 14:55:33 +09:00

test_document_tool_owner_scope.py

Scope document tools to caller owner

2026-06-02 06:00:02 +09:00

test_endpoint_resolver.py

feat(ai): add OpenRouter and Ollama Cloud providers (#231 )

2026-06-01 14:26:10 +09:00

test_gallery_image_privileges.py

Gate image editor AI endpoints by privilege (#447 )

2026-06-01 22:35:24 +09:00

test_hwfit_macos.py

fix: require GGUF sources for llama downloads (#368 )

2026-06-01 22:47:47 +09:00

test_llm_core_concurrency.py

Make LLM host health maps thread-safe

2026-06-02 05:54:23 +09:00

test_llm_core_ollama.py

feat(ai): add OpenRouter and Ollama Cloud providers (#231 )

2026-06-01 14:26:10 +09:00

test_model_context.py

Refresh local model context after restart

2026-06-02 05:54:06 +09:00

test_model_routes.py

Improve Ollama endpoint error messages

2026-06-02 05:53:50 +09:00

test_null_owner_gates.py

Odysseus v1.0

2026-05-31 23:58:26 +09:00

test_pdf_runtime.py

Show a clear message when PyMuPDF is missing

2026-06-01 18:27:17 +09:00

test_personal_docs_pdf_index.py

Fix chat stream recovery and PDF library indexing (#468 )

2026-06-01 22:33:35 +09:00

test_personal_upload_isolation.py

Scope personal RAG uploads by owner (#446 )

2026-06-01 22:36:53 +09:00

test_rate_limiter.py

Odysseus v1.0

2026-05-31 23:58:26 +09:00

test_reply_recipients_js.py

Keep Cc recipients in reply-all

2026-06-01 18:29:22 +09:00

test_research_session_id_validation.py

fix(research): validate session_id to block path traversal

2026-06-01 23:25:38 +01:00

test_research_utils.py

fix: deep research discards valid sources mentioning cookies/copyright (#481 )

2026-06-01 22:26:37 +09:00

test_reserved_username_admin_escalation.py

Reserve internal sentinel usernames

2026-06-02 05:58:58 +09:00

test_review_regressions.py

Restrict provider discovery to admins

2026-06-02 05:54:40 +09:00

test_search_query.py

Fix year extraction in research queries

2026-06-01 23:09:41 +09:00

test_search_ranking.py

Odysseus v1.0

2026-05-31 23:58:26 +09:00

test_security_regressions.py

Harden PDF document markers against cross-owner upload access (#445 )

2026-06-01 22:38:14 +09:00

test_session_mode_helpers.py

Fix database stubs in regression tests (#301 )

2026-06-01 16:55:09 +09:00

test_settings_scrub.py

Deep-scrub secrets from public settings

2026-06-01 23:11:50 +09:00

test_setup_admin_user.py

Normalize setup admin username (#448 )

2026-06-01 22:38:56 +09:00

test_shell_routes.py

Harden Cookbook package SSH probe

2026-06-01 22:44:34 +09:00

test_skills_manager_owner_isolation.py

Scope skill mutations to caller owner

2026-06-02 05:59:43 +09:00

test_task_scheduler_session_delivery.py

Prevent task session delivery NOT NULL crashes

2026-06-01 18:28:48 +09:00

test_vision_model_detection.py

Recognize local vision models so their images aren't dropped (#185 )

2026-06-01 13:09:21 +09:00

test_visual_report.py

Fix visual report chapter navigation (#505 )

2026-06-01 22:26:13 +09:00