Implement system-level security and stress tests

noexec / curldl

Safely and reliably download files with PycURL

https://pypi.org/project/curldl/

GNU Lesser General Public License v3.0

3 stars 0 forks source link

Implement system-level security and stress tests #5

Open noexec opened 1 year ago

noexec commented 1 year ago

Properly test timeouts and retries
Test multiple Download instances working in multiple threads
Verify https is secure (algorithms, CAs)

noexec commented 1 year ago

Should also decide on default User-Agent (none, specific curl/version as it is now, libcurl/version from pycurl.version_info()[1], …) (done in #13)

noexec commented 1 year ago

Ensure that file:// links are disallowed. (done in #13)

noexec commented 1 year ago

Verify URL redirects policy:

HTTP may redirect to HTTP and HTTPS
HTTPS may only redirect to HTTPS

Consider implementing a more restricted URL redirects policy:

Redirect should only work for same domain or subdomains, with same port (auth details should be stripped for comparison) — verification should be added via HEADERFUNCTION