Security fixes: SSL verification, SQL injection, auth bypass, hash_equals
- Enable CURLOPT_SSL_VERIFYPEER on Groq and Claude API calls (MITM fix)
- Parameterize agent_commands IN clause to prevent SQL injection
- Add session/IP check for list/status/myip endpoints (auth bypass fix)
- Use hash_equals() for registration key comparison (timing attack fix)
@@ -581,7 +581,7 @@ if (!$reply && defined('GROQ_API_KEY') && GROQ_API_KEY) {
|
||||
],
|
||||
CURLOPT_TIMEOUT => GROQ_TIMEOUT,
|
||||
CURLOPT_CONNECTTIMEOUT => 5,
|
||||
CURLOPT_SSL_VERIFYPEER => false,
|
||||
CURLOPT_SSL_VERIFYPEER => true,
|
||||
]);
|
||||
|
||||
$resp = curl_exec($ch);
|
||||
@@ -672,7 +672,7 @@ Respond as JARVIS. Voice readout: under 3 sentences unless detail is requested.
|
||||
'Content-Type: application/json',
|
||||
],
|
||||
CURLOPT_TIMEOUT => 30,
|
||||
CURLOPT_SSL_VERIFYPEER => false,
|
||||
CURLOPT_SSL_VERIFYPEER => true,
|
||||
]);
|
||||
|
||||
$resp = curl_exec($ch);
|
||||
|
||||
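Review bot: Neither options array sets `CURLOPT_SSL_VERIFYHOST` in the visible lines, so the hostname check depends on the libcurl default (2). Both arrays begin outside the hunks, so confirm it is not disabled earlier, or pin it next to the new line with `CURLOPT_SSL_VERIFYHOST => 2,`. With peer verification now on, `curl_exec($ch)` returns `false` when the host has no usable CA bundle or the chain does not validate. The code after each `$resp = curl_exec($ch);` is outside the hunks; it should check `curl_errno($ch)` and log `curl_error($ch)` so a TLS failure is not treated as an empty reply. This applies to the hunk at line 581 and to the one at line 672, which is presumably the Claude call.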