Harden security

2026-03-05 05:42:19 +00:00
parent 06735bdfb1
commit 438e561da0
75 changed files with 6260 additions and 278 deletions
--- a/core/clients/signalapi.py
+++ b/core/clients/signalapi.py
@@ -16,6 +16,22 @@ SIGNAL_UUID_PATTERN = re.compile(
 )


+def _safe_parse_send_response(payload_value) -> int | bool:
+    payload = payload_value
+    if isinstance(payload_value, str):
+        try:
+            payload = orjson.loads(payload_value)
+        except orjson.JSONDecodeError:
+            return False
+    if not isinstance(payload, dict):
+        return False
+    try:
+        ts = payload.get("timestamp")
+        return int(ts) if ts else False
+    except (TypeError, ValueError):
+        return False
+
+
 def normalize_signal_recipient(recipient: str) -> str:
    raw = str(recipient or "").strip()
    if not raw:
@@ -395,8 +411,8 @@ def send_message_raw_sync(recipient_uuid, text=None, attachments=None):
        response.status_code == status.HTTP_201_CREATED
    ):  # Signal server returns 201 on success
        try:
-            ts = orjson.loads(response.text).get("timestamp", None)
-            return ts if ts else False
-        except orjson.JSONDecodeError:
-            return False
+            payload = response.json()
+        except ValueError:
+            payload = {}
+        return _safe_parse_send_response(payload)
    return False  # If response status is not 201