Harden diagram editor network and file security

- Add diagram_net_utils.py with SSRF prevention:
  block file/ftp schemes, reject private/loopback/link-local IPs,
  enforce 20 MB download limit and connection timeout
- URL image download now routes through safe_download_image()
- Image reload from saved JSON validates file extension allowlist
- Add Security section to CLAUDE.md with full checklist

Author: JE-Chen

CLAUDE.md

@@ -85,6 +85,35 @@ python -m pybreeze                              # launch the IDE
 - Logging: use `pybreeze_logger` from `pybreeze.utils.logging.logger`
 - Plugin API: `register_programming_language()` and `register_natural_language()` from `je_editor.plugins`
 
+## Security
+
+All code must follow secure-by-default principles. Review every change against the checklist below before committing.
+
+### General rules
+- Never use `eval()`, `exec()`, or `pickle.loads()` on untrusted data
+- Never use `subprocess.Popen(..., shell=True)` — always pass argument lists
+- Never log or display secrets, tokens, passwords, or API keys
+- Use `json.loads()` / `json.dumps()` for serialisation — never pickle
+- Validate all user input at system boundaries (file dialogs, URL inputs, network data)
+
+### Network requests (SSRF prevention)
+- All outbound HTTP requests must go through `diagram_net_utils.safe_download_image()` or equivalent guards
+- Only `http://` and `https://` schemes are allowed — block `file://`, `ftp://`, `data:`, `gopher://`
+- Resolved IP addresses must be checked against private/loopback/link-local ranges (`ipaddress.is_private`, `is_loopback`, `is_link_local`, `is_reserved`)
+- Enforce download size limits (default: 20 MB) and connection timeouts (default: 15s)
+- Never pass user-supplied URLs directly to `urlopen()` without validation
+
+### File I/O
+- File read/write paths from user dialogs (`QFileDialog`) are trusted (user-initiated)
+- File paths loaded from saved data (`.diagram.json`) must be validated before access:
+  - Local paths: check `path.is_file()` and verify extension is in an allowlist
+  - URLs: pass through the same SSRF validation as user-entered URLs
+- Never construct file paths by string concatenation with user input — use `pathlib.Path` with validation
+
+### Qt / UI
+- `QGraphicsTextItem` with `TextEditorInteraction` must not be enabled by default — use double-click-to-edit pattern to prevent unintended text selection issues in themed environments
+- Plugin loading (`jeditor_plugins/`) uses auto-discovery — only load `.py` files, skip files starting with `_` or `.`
+
 ## Commit & PR rules
 
 - Commit messages: short imperative sentence (e.g., "Update stable version", "Fix github actions")

pybreeze/pybreeze_ui/diagram_editor/diagram_editor_widget.py

@@ -535,8 +535,8 @@ def _add_image_from_url(self) -> None:
             return
         url = url.strip()
         try:
-            from urllib.request import urlopen
-            data = urlopen(url, timeout=15).read()
+            from pybreeze.pybreeze_ui.diagram_editor.diagram_net_utils import safe_download_image
+            data = safe_download_image(url)
             from PySide6.QtGui import QPixmap
             pix = QPixmap()
             pix.loadFromData(data)

pybreeze/pybreeze_ui/diagram_editor/diagram_net_utils.py

@@ -0,0 +1,80 @@
+"""Network utilities for the diagram editor with security hardening.
+
+Security measures:
+  - Only ``http`` and ``https`` schemes are allowed (blocks ``file://``, ``ftp://``, etc.)
+  - Resolved IPs are checked against private/loopback ranges to prevent SSRF
+  - Downloads are capped at ``MAX_DOWNLOAD_BYTES`` to prevent memory exhaustion
+  - Connection timeout is enforced
+"""
+from __future__ import annotations
+
+import ipaddress
+import socket
+from urllib.parse import urlparse
+from urllib.request import Request, urlopen
+
+MAX_DOWNLOAD_BYTES = 20 * 1024 * 1024  # 20 MB
+TIMEOUT_SECONDS = 15
+_ALLOWED_SCHEMES = {"http", "https"}
+
+
+class ImageDownloadError(Exception):
+    pass
+
+
+def _validate_url(url: str) -> str:
+    """Validate URL scheme and resolve hostname to block private/loopback IPs."""
+    parsed = urlparse(url)
+
+    # Scheme check
+    if parsed.scheme.lower() not in _ALLOWED_SCHEMES:
+        raise ImageDownloadError(
+            f"Scheme '{parsed.scheme}' is not allowed. Use http or https."
+        )
+
+    # Hostname check
+    hostname = parsed.hostname
+    if not hostname:
+        raise ImageDownloadError("URL has no hostname.")
+
+    # Resolve and check for private/loopback IPs (SSRF prevention)
+    try:
+        infos = socket.getaddrinfo(hostname, None, socket.AF_UNSPEC, socket.SOCK_STREAM)
+    except socket.gaierror as e:
+        raise ImageDownloadError(f"Cannot resolve hostname '{hostname}': {e}") from e
+
+    for family, _, _, _, sockaddr in infos:
+        ip = ipaddress.ip_address(sockaddr[0])
+        if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved:
+            raise ImageDownloadError(
+                f"Access to private/internal address {ip} is blocked."
+            )
+
+    return url
+
+
+def safe_download_image(url: str) -> bytes:
+    """Download image data from *url* with security and size guards.
+
+    Raises ``ImageDownloadError`` on validation failure or oversized response.
+    """
+    url = _validate_url(url)
+
+    req = Request(url, headers={"User-Agent": "PyBreeze-DiagramEditor/1.0"})
+    resp = urlopen(req, timeout=TIMEOUT_SECONDS)  # noqa: S310 — URL validated above
+
+    # Check Content-Length header if available
+    content_length = resp.headers.get("Content-Length")
+    if content_length is not None and int(content_length) > MAX_DOWNLOAD_BYTES:
+        raise ImageDownloadError(
+            f"Image too large ({int(content_length)} bytes, max {MAX_DOWNLOAD_BYTES})."
+        )
+
+    # Read with size limit
+    data = resp.read(MAX_DOWNLOAD_BYTES + 1)
+    if len(data) > MAX_DOWNLOAD_BYTES:
+        raise ImageDownloadError(
+            f"Image exceeds {MAX_DOWNLOAD_BYTES // (1024 * 1024)} MB limit."
+        )
+
+    return data

pybreeze/pybreeze_ui/diagram_editor/diagram_scene.py

@@ -574,19 +574,24 @@ def _load_items(self, data: dict) -> None:
                 self._try_load_image_source(img, source)
 
     def _try_load_image_source(self, img: DiagramImage, source: str) -> None:
-        """Load pixmap from local path or URL into a DiagramImage."""
+        """Load pixmap from local path or URL into a DiagramImage.
+
+        Local paths are restricted to existing image files.
+        URLs are validated and size-limited via ``safe_download_image``.
+        """
         from pathlib import Path
         path = Path(source)
-        if path.is_file():
+        # Only load if the file actually exists and has an image extension
+        _IMAGE_SUFFIXES = {".png", ".jpg", ".jpeg", ".bmp", ".gif", ".svg", ".webp", ".ico"}
+        if path.is_file() and path.suffix.lower() in _IMAGE_SUFFIXES:
             pix = QPixmap(str(path))
             if not pix.isNull():
                 img.set_pixmap(pix, source)
                 return
-        # Try as URL (non-blocking would be better, but keep it simple)
         if source.startswith(("http://", "https://")):
             try:
-                from urllib.request import urlopen
-                data = urlopen(source, timeout=10).read()
+                from pybreeze.pybreeze_ui.diagram_editor.diagram_net_utils import safe_download_image
+                data = safe_download_image(source)
                 pix = QPixmap()
                 pix.loadFromData(data)
                 if not pix.isNull():