security: validate JSON metadata fields to prevent mass assignment #22

Merged
Charon merged 1 commit from security/validate-json-metadata into main 2026-02-21 01:26:04 +00:00

1 commit

Author SHA1 Message Date
8922683bcf
security: validate JSON metadata fields to prevent mass assignment
Some checks failed
CI / PHP 8.2 (pull_request) Failing after 1s
CI / PHP 8.3 (pull_request) Failing after 1s
CI / PHP 8.4 (pull_request) Failing after 1s
CI / Assets (pull_request) Failing after 1s
Add mutators to Service and HoneypotHit models that enforce size and
structure limits on JSON fields (metadata, headers). Service.setMeta()
now validates key format. TeapotController pre-filters header count
before passing to the model.

Fixes #14

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 01:25:47 +00:00