Harden screenshot validation against SSRF and add user-facing errors

2026-02-05 16:58:15 +01:00
parent 1d28ea6568
commit 8e50b31a5b
2 changed files with 64 additions and 4 deletions


@@ -55,7 +55,7 @@ public static class SuggestEndpoints
}
if (!await EndpointHelpers.IsReachableImageAsync(request.ScreenshotUrl, http))
{
return Results.BadRequest(new { error = "Screenshot URL could not be validated as an image." });
return Results.BadRequest(new { error = "Screenshot URL could not be validated as an image. Use a public image link (http/https, no redirects, max 5 MB)." });
}
if (!EndpointHelpers.IsValidHttpUrl(request.GameUrl))
return Results.BadRequest(new { error = "Game URL must be http or https." });
@@ -162,7 +162,7 @@ public static class SuggestEndpoints
}
if (!await EndpointHelpers.IsReachableImageAsync(request.ScreenshotUrl, http))
{
return Results.BadRequest(new { error = "Screenshot URL could not be validated as an image." });
return Results.BadRequest(new { error = "Screenshot URL could not be validated as an image. Use a public image link (http/https, no redirects, max 5 MB)." });
}
if (!EndpointHelpers.IsValidHttpUrl(request.GameUrl))
return Results.BadRequest(new { error = "Game URL must be http or https." });
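Review bot: The new error text appears verbatim in both hunks (the `BadRequest` after each `IsReachableImageAsync` call) and restates policy values (http/https, no redirects, 5 MB) that are presumably enforced inside `EndpointHelpers.IsReachableImageAsync`, which is not visible in this section. If the size limit or redirect rule changes in the helper, the two messages will go stale without anything failing; a single constant declared next to the helper, e.g. `public const string ScreenshotValidationError = "...";`, used at both call sites would keep them in step. Returning one generic message for every failure reason is the right shape for an SSRF guard, because the response does not reveal whether the URL was rejected for its address, a redirect, its size or its content type. A short comment such as `// One message for all failures on purpose: do not reveal which check rejected the URL.` would stop a later change from splitting it. Both enclosing methods start and end outside the hunks.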