qwen_agent

zhuchaowe/qwen_agent

Fork 0

Commit Graph

Author	SHA1	Message	Date
朱潮	b8e57b2f51	feat(skills): add security hardening to skill upload endpoint - Add ZipSlip path traversal protection (validate all file paths) - Add file size limits (50MB upload, 500MB extracted) - Add zip bomb protection (max 100:1 compression ratio, 1000 entries) - Add async I/O using aiofiles to avoid blocking event loop - Add bot_id validation to prevent path traversal attacks - Add proper error cleanup on upload failures Security improvements: - P1-001: ZipSlip path traversal防护 - P1-004: File size limits (50MB) - P1-005: Zip bomb防护 (compression ratio check) - P1-008: Async I/O improvements 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2026-01-07 20:25:37 +08:00
朱潮	342932030f	feat(skills): add skill management API module - Create new skill_manager.py with list and upload endpoints - Add GET /api/v1/skill/list to retrieve official and user skills - Add POST /api/v1/skill/upload for skill file upload - Parse SKILL.md frontmatter to extract name and description - Move skill upload endpoint from files.py to skill_manager.py - Add SKILLS_DIR configuration to settings.py - Register skill_manager router in fastapi_app.py 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>	2026-01-07 19:45:04 +08:00

Author

SHA1

Message

Date

朱潮

b8e57b2f51

feat(skills): add security hardening to skill upload endpoint

- Add ZipSlip path traversal protection (validate all file paths)
- Add file size limits (50MB upload, 500MB extracted)
- Add zip bomb protection (max 100:1 compression ratio, 1000 entries)
- Add async I/O using aiofiles to avoid blocking event loop
- Add bot_id validation to prevent path traversal attacks
- Add proper error cleanup on upload failures

Security improvements:
- P1-001: ZipSlip path traversal防护
- P1-004: File size limits (50MB)
- P1-005: Zip bomb防护 (compression ratio check)
- P1-008: Async I/O improvements

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2026-01-07 20:25:37 +08:00

朱潮

342932030f

feat(skills): add skill management API module

- Create new skill_manager.py with list and upload endpoints
- Add GET /api/v1/skill/list to retrieve official and user skills
- Add POST /api/v1/skill/upload for skill file upload
- Parse SKILL.md frontmatter to extract name and description
- Move skill upload endpoint from files.py to skill_manager.py
- Add SKILLS_DIR configuration to settings.py
- Register skill_manager router in fastapi_app.py

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2026-01-07 19:45:04 +08:00

2 Commits