MicroFish/backend/app
warren618 56789a2c98 fix(security): sanitize user-supplied IDs to prevent path traversal

simulation_id, project_id, report_id, and platform parameters from
API requests are used directly in os.path.join() to construct file
paths. An attacker can use values like "../../etc" to read/write
files or create directories outside the intended data directory.

Added validation: reject any ID that differs from its os.path.basename(),
which catches path separators and traversal sequences.
2026-03-23 02:50:12 +08:00
..
api feat(SimulationAPI): add function to retrieve latest report ID for a given simulation 2026-01-09 16:04:35 +08:00
models fix(security): sanitize user-supplied IDs to prevent path traversal 2026-03-23 02:50:12 +08:00
services fix(security): sanitize user-supplied IDs to prevent path traversal 2026-03-23 02:50:12 +08:00
utils fix: resolve 500 error caused by <think> tags and markdown code fences in content field from reasoning models like MiniMax/GLM 2026-03-06 00:30:31 +08:00
__init__.py Implement Report Agent for automated report generation and interaction 2025-12-09 15:10:55 +08:00
config.py fix(config): enable overriding of environment variables when loading .env file 2026-01-23 16:20:24 +08:00