Harden Excel image downloads

[PrzemyslawKlys]

Summary

• harden Excel image URL downloads by rejecting non-HTTP(S) URLs before any network attempt
• disable implicit HTTP redirects and revalidate each redirect target so image fetches cannot bounce into file or other unsupported schemes
• stream image responses through a byte cap instead of buffering unbounded data before checking the configured limit
• add regression coverage for unsafe redirect targets and oversized chunked image responses

Validation

• dotnet test OfficeIMO.Tests\OfficeIMO.Tests.csproj --framework net8.0 --filter "FullyQualifiedNameExcel.ImageDownloader|FullyQualifiedNameExcel_HeaderImageUrl|FullyQualifiedName~Excel_FooterImageUrl"
• dotnet test OfficeIMO.Tests\OfficeIMO.Tests.csproj --framework net10.0 --no-restore --filter "FullyQualifiedNameExcel.ImageDownloader|FullyQualifiedNameExcel_HeaderImageUrl|FullyQualifiedName~Excel_FooterImageUrl"
• dotnet build OfficeIMO.Excel\OfficeIMO.Excel.csproj --framework netstandard2.0 --no-restore
• dotnet build OfficeIMO.Excel\OfficeIMO.Excel.csproj --framework net472 --no-restore
• dotnet test OfficeIMO.Tests\OfficeIMO.Tests.csproj --framework net472 --no-restore --filter "FullyQualifiedNameExcel.ImageDownloader|FullyQualifiedNameExcel_HeaderImageUrl|FullyQualifiedName~Excel_FooterImageUrl"
• git diff --check

Notes

• This follows the merged Harden document parsing security defaults #1934 security pass and targets the remaining Excel URL/image-download surface from the security overview.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

[codecov]

Codecov Report

❌ Patch coverage is 66.66667% with 18 lines in your changes missing coverage. Please review.
✅ Project coverage is 73.33%. Comparing base (7101ed5) to head (cbc5168).

Files with missing lines	Patch %	Lines
OfficeIMO.Excel/Utilities/ImageDownloader.cs	66.66%	3 Missing and 15 partials ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #1935   +/-   ##
=======================================
  Coverage   73.33%   73.33%           
=======================================
  Files        2521     2521           
  Lines      283933   283972   +39     
  Branches    60803    60820   +17     
=======================================
+ Hits       208219   208248   +29     
+ Misses      47988    47987    -1     
- Partials    27726    27737   +11     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.