🛡️ : Security Enhancements (#1681)

* fix: sanitize HTTP params and do not send whole error objects backs * fix: prevent path traversal * fix: send custom error message for tokenizer route * chore: handle info exposure vector * chore(oauth): skip check due to false positive as oauth routes are rate-limited * chore(app): disable `x-powered-by` * chore: disable false positives or flagging of hardcoded secrets when they are fake values * chore: add path traversal safety check
2025-12-22 03:10:15 +01:00 · 2024-01-30 14:34:02 -05:00 · 2024-01-30 14:34:02 -05:00 · 972402e029
commit 972402e029
parent 9fad1b2cae
23 changed files with 72 additions and 28 deletions
--- a/client/src/components/Messages/Content/Error.tsx
+++ b/client/src/components/Messages/Content/Error.tsx
@ -1,3 +1,5 @@
+// file deepcode ignore HardcodedNonCryptoSecret: No hardcoded secrets
+
 import React from 'react';
 import type { TOpenAIMessage } from 'librechat-data-provider';
 import { formatJSON, extractJson, isJson } from '~/utils/json';
--- a/client/src/components/Plugins/Store/tests/PluginAuthForm.spec.tsx
+++ b/client/src/components/Plugins/Store/tests/PluginAuthForm.spec.tsx
@ -39,6 +39,7 @@ describe('PluginAuthForm', () => {
      action: 'install',
      auth: {
        key: '1234567890',
+        // file deepcode ignore HardcodedNonCryptoSecret/test: test
        secret: '1234567890',
      },
    });