MicroFish/backend
warren618 56789a2c98 fix(security): sanitize user-supplied IDs to prevent path traversal
simulation_id, project_id, report_id, and platform parameters from
API requests are used directly in os.path.join() to construct file
paths. An attacker can use values like "../../etc" to read/write
files or create directories outside the intended data directory.

Added validation: reject any ID that differs from its os.path.basename(),
which catches path separators and traversal sequences.
2026-03-23 02:50:12 +08:00
app fix(security): sanitize user-supplied IDs to prevent path traversal 2026-03-23 02:50:12 +08:00
scripts Add UTF-8 encoding support for Windows in simulation_runner.py and run_parallel_simulation.py to resolve character encoding issues with third-party libraries. 2025-12-26 18:14:57 +08:00
pyproject.toml fix(file_parser): handle non-UTF-8 encoded text files with automatic encoding detection 2026-01-22 18:28:37 +08:00
requirements.txt fix(file_parser): handle non-UTF-8 encoded text files with automatic encoding detection 2026-01-22 18:28:37 +08:00
run.py Add UTF-8 encoding support for Windows console in run.py and logger.py to prevent character encoding issues 2025-12-26 17:58:48 +08:00
uv.lock fix(file_parser): handle non-UTF-8 encoded text files with automatic encoding detection 2026-01-22 18:28:37 +08:00