docs: log 2 MEDIUM security fixes in CHANGELOG (post-refactor)

CSV multiline injection + Markdown stored-XSS regressions caught by
security-guidance@claude-code-plugins on the 7-column refactor.
Backend fix in 3a9d9d3 (257 pytest, ruff/mypy clean). PR #9 body
counter bumped 255 → 257.
Knacky
2026-06-08 19:29:59 +02:00
parent 3a9d9d3203
commit 2d1c113f0c
2 changed files with 5 additions and 2 deletions

@@ -7,7 +7,7 @@
- **Security MEDIUM fix mid-sprint** : CSV formula injection défusée par `_csv_safe()` (apostrophe-prefix sur `=`/`+`/`-`/`@`/`\t`/`\r`). Le red team aurait pu injecter une formule qui s'exécute chez le SOC à l'ouverture de l'Excel.
## Test plan
- **Backend** : **255/255** pytest (`ruff` + `mypy` clean).
- **Backend** : **257/257** pytest (`ruff` + `mypy` clean).
- **Frontend** : **136/136** vitest (`typecheck` + `lint` clean).
- **E2e Playwright** : **223/223** verts — baseline sprint 5 = 201, +22 sprint 6.
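Review bot: the PR body's security bullet (the context line above) is now out of date: it still lists only the formula-injection mitigation by `_csv_safe()`, while the commit message says two more MEDIUM fixes (CSV multiline injection and Markdown stored-XSS) landed in 3a9d9d3 and are what account for the 255 → 257 pytest bump. Add a bullet for those two fixes next to the existing one so the test plan and the security summary agree on what the two extra tests cover, and confirm whether the multiline fix changed the `_csv_safe()` prefix set quoted there (`=`/`+`/`-`/`@`/`\t`/`\r`); if it did, that list needs updating too.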