88f7e72501
SECURITY FIXES: - Remove dangerous public DELETE /api/locations/:id endpoint - Add rate limiting to POST /api/locations (10 requests per 15 minutes) - Add input validation with length limits (500 chars address, 1000 chars description) - Add suspicious activity logging for abuse detection - Install express-rate-limit for protection against spam/DoS CHANGES: - Removed LocationDeleteRequest interface (no longer needed) - Updated tests to expect new security validation behavior - Added comprehensive tests for length validation - Fixed test setup issue with undefined constants Security Impact: - CRITICAL: Prevents unauthorized deletion of location reports - HIGH: Prevents spam submissions and DoS attacks - MEDIUM: Prevents buffer overflow and injection attacks via oversized inputs All 125 tests passing with new security validations. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| integration/routes | ||
| unit | ||
| setup.ts | ||