infected header scanning enhanced

build/assets/conclusionApi-Nd172SfW.js

@@ -1 +1 @@
-import{a as s}from"./index-DzZrtI-x.js";import"./radix-vendor-CYvDqP9X.js";import"./charts-vendor-BVfwAPj-.js";import"./utils-vendor-BTBPSQfW.js";import"./ui-vendor-CX5oLBI_.js";import"./socket-vendor-TjCxX7sJ.js";import"./redux-vendor-tbZCm13o.js";import"./router-vendor-B_rK4TXr.js";async function m(n){return(await s.post(`/conclusions/${n}/generate`)).data.data}async function f(n,t){return(await s.post(`/conclusions/${n}/finalize`,{finalRemark:t})).data.data}async function d(n){var t;try{return(await s.get(`/conclusions/${n}`)).data.data}catch(o){if(((t=o.response)==null?void 0:t.status)===404)return null;throw o}}export{f as finalizeConclusion,m as generateConclusion,d as getConclusion};
+import{a as s}from"./index-BCZm9H2Q.js";import"./radix-vendor-CYvDqP9X.js";import"./charts-vendor-BVfwAPj-.js";import"./utils-vendor-BTBPSQfW.js";import"./ui-vendor-CX5oLBI_.js";import"./socket-vendor-TjCxX7sJ.js";import"./redux-vendor-tbZCm13o.js";import"./router-vendor-B_rK4TXr.js";async function m(n){return(await s.post(`/conclusions/${n}/generate`)).data.data}async function f(n,t){return(await s.post(`/conclusions/${n}/finalize`,{finalRemark:t})).data.data}async function d(n){var t;try{return(await s.get(`/conclusions/${n}`)).data.data}catch(o){if(((t=o.response)==null?void 0:t.status)===404)return null;throw o}}export{f as finalizeConclusion,m as generateConclusion,d as getConclusion};

build/index.html

@@ -13,7 +13,7 @@
   <!-- Preload essential fonts and icons -->
   <link rel="preconnect" href="https://fonts.googleapis.com">
   <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
-  <script type="module" crossorigin src="/assets/index-DzZrtI-x.js"></script>
+  <script type="module" crossorigin src="/assets/index-BCZm9H2Q.js"></script>
   <link rel="modulepreload" crossorigin href="/assets/charts-vendor-BVfwAPj-.js">
   <link rel="modulepreload" crossorigin href="/assets/radix-vendor-CYvDqP9X.js">
   <link rel="modulepreload" crossorigin href="/assets/utils-vendor-BTBPSQfW.js">

src/services/fileUpload/contentXSSScanner.ts

@@ -152,7 +152,7 @@ export function scanContentForXSS(
             patterns = [...UNIVERSAL_XSS_PATTERNS, ...SVG_XSS_PATTERNS];
             break;
         case 'PDF':
-            patterns = [...PDF_XSS_PATTERNS];
+            patterns = [...UNIVERSAL_XSS_PATTERNS, ...PDF_XSS_PATTERNS];
             break;
         case 'OFFICE':
             patterns = [...OFFICE_XSS_PATTERNS];

src/services/fileUpload/fileValidationService.ts

@@ -96,10 +96,23 @@ const BLOCKED_PATTERNS: Array<{ pattern: RegExp; reason: string }> = [
         pattern: /\.\w+\.(exe|bat|cmd|com|msi|scr|pif|vbs|vbe|js|jse|wsf|wsh|ps1|sh|bash)$/i,
         reason: 'Suspicious double extension'
     },
-    // XSS Patterns in filenames
+    // Dangerous characters associated with XSS and path manipulation
     {
-        pattern: /<script|javascript:|onerror=|onload=|onclick=|alert\(|eval\(|document\./i,
-        reason: 'Potential XSS payload in filename'
+        pattern: /[<>]/,
+        reason: 'HTML tags or suspicious characters (<, >) not allowed in filenames'
+    },
+    // Comprehensive XSS Patterns in filenames
+    {
+        pattern: /<(script|img|svg|body|iframe|details|audio|video|embed|object|style|link|meta|html|form|input|button)/i,
+        reason: 'Potential XSS tag in filename'
+    },
+    {
+        pattern: /(javascript:|vbscript:|data:text\/html|expression\()|on(error|load|click|mouseover|focus|scroll|beforeunload|submit|change|keydown|keyup)=/i,
+        reason: 'Potential XSS payload or event handler in filename'
+    },
+    {
+        pattern: /(script|alert|eval|document\.|window\.|localStorage|sessionStorage|cookie|prompt|confirm)\(/i,
+        reason: 'Malicious JavaScript functions detected in filename'
     },
 ];