diff --git a/app/model_downloader/net/session.py b/app/model_downloader/net/session.py
index 368bd924a..8270e051c 100644
--- a/app/model_downloader/net/session.py
+++ b/app/model_downloader/net/session.py
@@ -3,7 +3,7 @@
 A single session reuses TLS handshakes and TCP connections across the probe and the many segment GETs to the same host (HuggingFace is the dominant case), which is a large speedup on cold connections and exactly the
-connection-reuse strategy that lets us match aria2c (PRD section 5.2).
+connection-reuse strategy that lets us match aria2c.
 The connector uses :class:`ValidatingResolver` so every connection — initial or post-redirect — is screened for private/special-use IPs at connect time.
diff --git a/app/model_downloader/security/allowlist.py b/app/model_downloader/security/allowlist.py
index b01c7f8de..4c17508e2 100644
--- a/app/model_downloader/security/allowlist.py
+++ b/app/model_downloader/security/allowlist.py
@@ -1,4 +1,4 @@
-"""URL allowlist for server-side model fetches (PRD section 9.1).
+"""URL allowlist for server-side model fetches.
 Default-deny. A URL is downloadable only when its parsed host + scheme are allowlisted AND (unless explicitly relaxed) its final filename ends in a
@@ -56,8 +56,8 @@ def _allowed_hosts() -> dict[str, set[str]]:
 def is_host_allowed(host: str | None, scheme: str | None) -> bool:
 """True iff ``host`` is allowlisted for ``scheme``.
- Used both for the initial URL and re-checked on every redirect hop
- (PRD section 9.2), so a whitelisted URL cannot 30x into an off-list host.
+ Used both for the initial URL and re-checked on every redirect hop,
+ so a whitelisted URL cannot 30x into an off-list host.
 """
 if not host or not scheme: return False
diff --git a/app/model_downloader/security/paths.py b/app/model_downloader/security/paths.py
index 883cb9b9c..1d47cf2bf 100644
--- a/app/model_downloader/security/paths.py
+++ b/app/model_downloader/security/paths.py
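Review bot: In app/model_downloader/security/allowlist.py, the rewritten `is_host_allowed` docstring still says "whitelisted" while the module, the function name and the first docstring line all say "allowlist"; since both lines are being touched anyway, `so an allowlisted URL cannot 30x into an off-list host.` would keep the terminology uniform. The docstring also states that the check is repeated on every redirect hop, which is a property of the callers and is not visible in this hunk. With the PRD pointer gone, it may be worth naming the redirect-handling code that performs the re-check so the guarantee stays traceable. The function body continues outside the hunk.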
@@ -1,4 +1,4 @@
-"""Path resolution + traversal safety for downloads (PRD section 9.3).
+"""Path resolution + traversal safety for downloads.
 A ``model_id`` is a *relative destination path* of the form ``/`` (e.g. ``loras/my_lora.safetensors``). This module
diff --git a/app/model_downloader/security/ssrf.py b/app/model_downloader/security/ssrf.py
index 4cb63715e..388accd6b 100644
--- a/app/model_downloader/security/ssrf.py
+++ b/app/model_downloader/security/ssrf.py
@@ -1,4 +1,4 @@
-"""SSRF / exfiltration defenses (PRD section 9.2).
+"""SSRF / exfiltration defenses.
 Two cooperating layers: