Skip to content

fix: 修复6处安全漏洞与逻辑错误#10

Merged
Mola-maker merged 1 commit into
mainfrom
claude/refactor-loop-fix-LOy8S
May 7, 2026
Merged

fix: 修复6处安全漏洞与逻辑错误#10
Mola-maker merged 1 commit into
mainfrom
claude/refactor-loop-fix-LOy8S

Conversation

@Mola-maker
Copy link
Copy Markdown
Owner

@Mola-maker Mola-maker commented May 7, 2026

  • agents/utils.py: docker_exec 捕获 TimeoutExpired,防止调用方崩溃
  • ui/server.py: get_figure 端点添加路径穿越防护(resolve + 前缀校验)
  • ui/server.py: pip install 端点改用 shlex.quote 防 shell 注入,包名正则白名单
  • sandbox/loop.py: 成功时 iterations 计数改为 iteration+1(与失败路径一致)
  • sandbox/healer.py: 超过最大迭代次数返回 is_logic=False,不再误标为逻辑错误
  • agents/conversation_mgr.py: 会话标题 .strip() 防止空白字符标题

https://claude.ai/code/session_01Ff2zH5qmZkJ4kCQAKh1TXx

@claude
fix: 修复6处安全漏洞与逻辑错误
8bfaaa5 
- agents/utils.py: docker_exec 捕获 TimeoutExpired,防止调用方崩溃
- ui/server.py: get_figure 端点添加路径穿越防护(resolve + 前缀校验)
- ui/server.py: pip install 端点改用 shlex.quote 防 shell 注入,包名正则白名单
- sandbox/loop.py: 成功时 iterations 计数改为 iteration+1(与失败路径一致)
- sandbox/healer.py: 超过最大迭代次数返回 is_logic=False,不再误标为逻辑错误
- agents/conversation_mgr.py: 会话标题 .strip() 防止空白字符标题

https://claude.ai/code/session_01Ff2zH5qmZkJ4kCQAKh1TXx
@Mola-maker Mola-maker merged commit 5f2d89a into main May 7, 2026
0 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Mola-maker @claude