Security Nice-to-Have: Dockerfile, Magic-Bytes, Path-Traversal, TABLE_MAP, Deps

- Dockerfile: non-root user appuser, chown /data + /app - media_utils: validate_upload() Magic-Byte-Check (JPEG/PNG/GIF/WebP/MP4/WebM) - media_utils: safe_media_path() Path-Traversal-Schutz beim Löschen - diary/health/dogs: safe_media_path() statt os.path.join + lstrip - diary: validate_upload() vor jedem Medien-Upload - forum: _LIKE_TABLE dict statt dynamischer String-Interpolation - requirements: uvicorn 0.34, PyJWT 2.10.1, pydantic 2.10.6, bcrypt 4.3, httpx 0.28.1, anthropic 0.49 - SW by-v319, APP_VER 307
2026-04-23 18:42:05 +02:00 · 2026-04-23 18:42:05 +02:00 · 71e588a240
commit 71e588a240
parent 15f854d96c
9 changed files with 100 additions and 29 deletions
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@ -1,13 +1,13 @@
 fastapi==0.115.0
 Pillow==11.2.1
 pillow-heif==0.22.0
-uvicorn[standard]==0.30.6
-python-multipart==0.0.9
-pydantic[email]==2.8.2
-bcrypt==4.2.0
-PyJWT==2.9.0
-httpx==0.27.2
+uvicorn[standard]==0.34.0
+python-multipart==0.0.20
+pydantic[email]==2.10.6
+bcrypt==4.3.0
+PyJWT==2.10.1
+httpx==0.28.1
 openai==1.50.0
-anthropic==0.34.0
+anthropic==0.49.0
 pywebpush==2.0.0
 apscheduler==3.10.4