
fix: fixed security vulnerabilities from SAST/DAST scans #1

Closed
natanim-kemal wants to merge 1 commit into main from fix-vulnerabilities

Conversation

@natanim-kemal
Member

This pull request focuses on improving the security and robustness of both the browser extension and the backend API. Major changes include switching API requests to HTTPS, enhancing backend security, and improving error handling.

Security and API Hardening:

  • Removed intentionally vulnerable code and sensitive information from src/api.py, including insecure endpoints and hardcoded secrets.
  • Added security headers (Content-Security-Policy, X-Frame-Options, etc.) to all API responses to mitigate common web vulnerabilities.
  • Improved error handling in API endpoints by returning generic error messages and removing stack trace exposure.

Input Validation and Safer Operations:

  • Replaced insecure SQL queries with parameterized queries to prevent SQL injection in the /log endpoint.
  • Added domain validation for the /lookup endpoint and replaced shell-based DNS lookups with safe socket calls.
  • Secured file access in the /logs/<filename> endpoint to prevent directory traversal and unauthorized file access.

Frontend and API Communication:

  • Changed all API URLs in the extension code from HTTP to HTTPS for secure communication (background.js, popup.js).
  • Updated CORS settings in the backend to only allow requests from trusted origins.

Other:

  • Removed an unused external font reference from popup.html.
  • Disabled debug mode in Flask production server.

| Fix # | Vulnerability | Change |
|---|---|---|
| 1 | SQL Injection | Used parameterized queries (`?, ?`) |
| 2 | Command Injection | Replaced subprocess with `socket.gethostbyname()` |
| 3 | Path Traversal | Added `os.path.basename()` + path verification |
| 4 | Hardcoded Secrets | Removed all hardcoded credentials |
| 5 | Debug Mode | Changed `debug=True` to `debug=False` |
| 6 | CORS Misconfiguration | Restricted to specific origins |
| 7 | Missing Headers | Added CSP, X-Frame-Options, etc. |
| 8 | Info Disclosure | Removed /debug endpoint |
| 9 | Insecure HTTP | Changed http:// to https:// |
| 10 | Insecure HTTP | Changed http:// to https:// |
| 11 | Missing SRI | Removed external CDN font |
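As an added illustration of fixes 1 to 3 above (parameterized queries for /log, domain validation before `socket.gethostbyname()` for /lookup, and `os.path.basename()` plus path verification for /logs/<filename>), here is a stand-alone Python module in the same defensive shape; it is not the PR's own code. `LOG_DIR`, the hostname regex and the `log` table schema are assumptions, and Flask is left out so the functions run offline.

```python
import os
import re
import sqlite3
from typing import Optional

# Assumed log directory; the PR does not name the real one.
LOG_DIR = "/var/app/logs"

# One hostname label: letters, digits and hyphens, no leading/trailing hyphen,
# at most 63 characters. Anything else (spaces, ';', '|', '$') is rejected,
# so the value never needs shell quoting and is handed to the socket API only.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def validate_domain(name: str) -> bool:
    """Syntactic check run before socket.gethostbyname(); no lookup is performed here."""
    if not name or len(name) > 253 or name.endswith("."):
        return False
    return all(_LABEL.match(label) for label in name.split("."))


def safe_log_path(filename: str, base_dir: str = LOG_DIR) -> Optional[str]:
    """basename() drops any directory part, then the resolved path is verified
    to stay inside base_dir. Returns None when the request must be refused."""
    name = os.path.basename(filename)
    if name in ("", ".", ".."):
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # commonpath (not startswith) so that a sibling like /var/app/logs-old is rejected.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def init_db() -> sqlite3.Connection:
    """In-memory table standing in for the /log endpoint's storage (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE log (domain TEXT, result TEXT)")
    return conn


def log_event(conn: sqlite3.Connection, domain: str, result: str) -> int:
    """Values are bound with ? placeholders, never interpolated into the SQL text."""
    conn.execute("INSERT INTO log (domain, result) VALUES (?, ?)", (domain, result))
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM log").fetchone()[0]
```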

Copilot AI review requested due to automatic review settings January 20, 2026 05:07

