Evi Nova 0b143f2ea3 fix(gateway): validate Slack image downloads before caching ...

Slack may return an HTML sign-in/redirect page instead of actual media
bytes (e.g. expired token, restricted file access). This adds two layers
of defense:

1. Content-Type check in slack.py rejects text/html responses early
2. Magic-byte validation in base.py's cache_image_from_bytes() rejects
   non-image data regardless of source platform

Also adds ValueError guards in wecom.py and email.py so the new
validation doesn't crash those adapters.

Closes #6829

2026-04-10 03:53:09 -07:00

23 KiB

Raw Blame History

View Raw