azaion/detections
1
0
Fork 0
mirror of https://github.com/azaion/detections.git synced 2026-04-22 10:46:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

[AZ-178] Implement streaming video detection endpoint

Browse Source 
- Added `/detect/video` endpoint for true streaming video detection, allowing inference to start as upload bytes arrive.
- Introduced `run_detect_video_stream` method in the inference module to handle video processing from a file-like object.
- Updated media hashing to include a new function for computing hashes directly from files with minimal I/O.
- Enhanced documentation to reflect changes in video processing and API behavior.

Made-with: Cursor
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-04-01 03:11:43 +03:00
parent e65d8da6a3
commit be4cab4fcb
42 changed files with 2983 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files
_docs/05_security/dependency_scan.md
+56
View File
@@ -0,0 +1,56 @@
# Dependency Scan
**Date**: 2026-03-31
**Tool**: Manual review + WebSearch (pip-audit not installed)
**Files scanned**: `requirements.txt`, `requirements-macos.txt`, `requirements-gpu.txt`, `e2e/requirements.txt`
## Findings
### CVE-2026-28356 — python-multipart ReDoS (HIGH, CVSS 7.5)
- **Package**: python-multipart (unpinned in `requirements.txt`)
- **Vulnerability**: `parse_options_header()` uses a regex with ambiguous alternation causing exponential backtracking on malicious HTTP/multipart headers
- **Impact**: Denial of service against the FastAPI application
- **Fixed in**: 1.2.2, 1.3.1, 1.4.0-dev
- **Remediation**: Pin `python-multipart>=1.3.1`
### CVE-2025-43859 — h11 HTTP Request Smuggling via uvicorn (CRITICAL, CVSS 9.1)
- **Package**: uvicorn (unpinned in `requirements.txt`) → transitive dependency h11-0.14.0
- **Vulnerability**: Lenient parsing of line terminators in chunked-coding message bodies enables HTTP request smuggling
- **Impact**: Bypass security controls, cache poisoning, session hijacking, data leakage
- **Fixed in**: h11 update required; check for h11>=0.15.0
- **Remediation**: Pin `h11>=0.15.0` or verify uvicorn version pulls a patched h11
### Unpinned Dependencies — Supply Chain Risk (MEDIUM)
- **Packages**: `fastapi`, `uvicorn[standard]`, `python-multipart` in `requirements.txt`; `pytest`, `sseclient-py`, `flask`, `gunicorn` in `e2e/requirements.txt`
- **Risk**: Unpinned packages may resolve to different (potentially vulnerable) versions across environments. A compromised PyPI upload could be silently pulled in.
- **Remediation**: Pin all dependencies to specific versions
### opencv-python — Outdated (LOW)
- **Package**: opencv-python==4.10.0.84
- **Vulnerability**: No known CVEs for 4.10.0.84, but latest is 4.13.0.92
- **Remediation**: Consider upgrading to 4.13.0.92 when convenient
## Summary
| Severity | Count |
|----------|-------|
| Critical | 1 |
| High | 1 |
| Medium | 1 |
| Low | 1 |
## No Known Vulnerabilities
- requests==2.32.4 (patched version)
- numpy==2.3.0
- onnxruntime==1.22.0
- loguru==0.7.3
- av==14.2.0
- xxhash==3.5.0
- Cython==3.2.4
- pynvml==12.0.0
- coremltools==9.0