qwen_agent/routes
朱潮 b8e57b2f51 feat(skills): add security hardening to skill upload endpoint
- Add ZipSlip path traversal protection (validate all file paths)
- Add file size limits (50MB upload, 500MB extracted)
- Add zip bomb protection (max 100:1 compression ratio, 1000 entries)
- Add async I/O using aiofiles to avoid blocking event loop
- Add bot_id validation to prevent path traversal attacks
- Add proper error cleanup on upload failures

Security improvements:
- P1-001: ZipSlip path traversal protection
- P1-004: File size limits (50MB)
- P1-005: Zip bomb protection (compression ratio check)
- P1-008: Async I/O improvements

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-07 20:25:37 +08:00
..
__init__.py update fastapi 2025-11-25 22:34:44 +08:00
chat.py refactor(sse): simplify error handling and remove __debug__ security issue 2026-01-07 20:24:30 +08:00
file_manager.py fix(file-manager): fix create-folder API to accept JSON request body 2025-12-31 16:52:07 +08:00
files.py feat(skills): add skill management API module 2026-01-07 19:45:04 +08:00
projects.py Log optimization 2025-11-27 21:50:03 +08:00
skill_manager.py feat(skills): add security hardening to skill upload endpoint 2026-01-07 20:25:37 +08:00
system.py Remove agent manager 2025-12-17 20:27:06 +08:00