MicroFish/backend/app/models
warren618 56789a2c98 fix(security): sanitize user-supplied IDs to prevent path traversal
simulation_id, project_id, report_id, and platform parameters from
API requests are used directly in os.path.join() to construct file
paths. An attacker can use values like "../../etc" to read/write
files or create directories outside the intended data directory.

Added validation: reject any ID that differs from its os.path.basename(),
which catches path separators and traversal sequences.
2026-03-23 02:50:12 +08:00
__init__.py Introduce Project ID for context management, finalizing the stateful API pipeline from file submission to graph construction. 2025-11-28 17:21:08 +08:00
project.py fix(security): sanitize user-supplied IDs to prevent path traversal 2026-03-23 02:50:12 +08:00
task.py Enhance backend functionality with OASIS simulation features 2025-12-01 15:03:44 +08:00