SnapAPI session 58: SSRF security hardening, 387 tests

2026-03-05 09:16:10 +01:00 · 2026-03-05 09:16:10 +01:00 · 8b7452cc81
commit 8b7452cc81
parent 237e9cc546
2 changed files with 49 additions and 3 deletions
--- a/projects/snapapi/memory/state.json
+++ b/projects/snapapi/memory/state.json
@ -1,6 +1,6 @@
 {
  "phase": "production-live",
-  "version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.7.2-staging (366 tests)",
+  "version": "0.5.2-prod (VULNERABLE: free signup still live) / 0.7.3-staging (387 tests)",
  "staging": {
    "status": "running",
    "namespace": "snapapi-staging",
@ -89,7 +89,9 @@
    "Custom CSS injection: css parameter injects arbitrary CSS via addStyleTag before capture, max 5000 chars (staging)",
    "SDK docs: darkMode + hideSelectors + css documented in Node.js + Python SDK READMEs with examples (staging)",
    "Python SDK: 22 tests (up from 17), comprehensive darkMode/hideSelectors coverage (staging)",
-    "Test suite: 366 tests passing (staging)"
+    "Test suite: 366 tests passing (staging)",
+    "SSRF hardening: IPv4-mapped IPv6 blocking, IPv6 unspecified blocking, CSS injection prevention (hideSelectors, waitForSelector, css param) — 21 new security tests (staging)",
+    "Test suite: 387 tests passing (staging)"
  ],
  "notDone": [
    "Register Stripe webhook URL in Stripe Dashboard",
@ -112,6 +114,6 @@
      "priceId": "price_1T2XHpRtlDv9c8GoThHfd8kS"
    }
  },
-  "lastSession": "2026-03-04T20:00:00Z",
+  "lastSession": "2026-03-05T08:00:00Z",
  "codeLocation": "Forgejo repo openclawd/SnapAPI. Clone: git clone forgejo-snapapi:openclawd/SnapAPI.git"
 }