12 Commits

Author SHA1 Message Date
blacktop c20f9af712 fix: multiple security vulnerabilities (SSRF, path traversal) 2026-04-11 14:37:41 -06:00
- Remove POST /diff/files endpoint that allowed arbitrary host file reads
  (CWE-22); clients must now read files locally and POST content to
  /diff/blobs instead
- Add validatePublicURL() to /info remote endpoints, rejecting URLs that
  resolve to loopback, private, link-local, or multicast addresses to
  prevent SSRF; also remove attacker-controlled proxy/insecure params
- Add SanitizeArchivePath() helper that verifies extracted archive entry
  paths stay within the destination directory (zip-slip / tar-slip,
  CWE-22); replace bare filepath.Join(dest, filepath.Clean(name)) calls
  in SearchZip, OTA parser, AA payload extractor, and ota_extract
- Fix server listen address to use net.JoinHostPort to respect Host config
blacktop 42ae87262d chore: adding initial kernel symbolication support to ipswd's /syms/scan API 2024-07-16 09:29:28 -06:00
blacktop 24a64fc36f fix: thread config.yml daemon pem-db config through ipsw API routes that can use it 2024-07-15 20:12:37 -06:00
blacktop 3021f68832 feat: add 🆕 /aea/fcs-leys/:key route to ipswd 2024-07-10 14:34:59 -06:00
blacktop 69173b32f5 feat: add NEW /syms/scan route to ipswd API to gen symbol server from IPSW 2024-07-02 10:12:14 -06:00
blacktop 1aadc75eba feat: add ipswd /dsc/webkit API route 2023-04-18 15:32:34 -06:00
blacktop 27b24b1f0a Update server.go 2023-04-13 22:52:54 -06:00
blacktop d6abb0b3f4 docs: add API description 2023-04-13 21:53:38 -06:00
blacktop 6c32139915 docs: change API header 2023-04-13 21:38:04 -06:00
blacktop fb07b08006 feat: add daemon logfile support 2023-04-13 16:27:05 -06:00
blacktop 2ae0abf8fb chore: change port to 3993 in swagger docs 2023-04-12 21:15:31 -06:00
blacktop f85daa1ac3 feat: ipsw daemon (API) (#219) 2023-04-12 20:00:05 -06:00