simulation_id, project_id, report_id, and platform parameters from
API requests are used directly in os.path.join() to construct file
paths. An attacker can use values like "../../etc" to read/write
files or create directories outside the intended data directory.
Added validation: reject any ID that differs from its os.path.basename(),
which catches path separators and traversal sequences.
- Updated README.md to include new simulation scripts and configuration details for OASIS, including API retry mechanisms and environment variable settings.
- Added simulation management and configuration generation services to streamline the simulation process across Twitter and Reddit platforms.
- Introduced new API routes for simulation-related operations, including entity retrieval and simulation status management.
- Implemented a robust retry mechanism for external API calls to improve system stability.
- Enhanced task management model to include detailed progress tracking.
- Added logging capabilities for action tracking during simulations.
- Included new scripts for running parallel simulations and testing profile formats.
Haozhe Wu
ghostubborn
warren618
666ghj