unclecode 0104db6de2 Fix critical RCE via deserialization and eval() in /crawl endpoint ...

- Replace raw eval() in _compute_field() with AST-validated
  _safe_eval_expression() that blocks __import__, dunder attribute
  access, and import statements while preserving safe transforms
- Add ALLOWED_DESERIALIZE_TYPES allowlist to from_serializable_dict()
  preventing arbitrary class instantiation from API input
- Update security contact email and add v0.8.1 security fixes to
  SECURITY.md with researcher acknowledgment
- Add 17 security tests covering both fixes

2026-01-30 08:46:32 +00:00

..

demo_monitor_dashboard.py

Add demo and test scripts for monitor dashboard activity

2025-10-17 22:43:06 +08:00

requirements.txt

feat(docker): implement smart browser pool with 10x memory efficiency

2025-10-17 20:38:39 +08:00

run_security_tests.py

Fix critical RCE and LFI vulnerabilities in Docker API deployment

2026-01-12 04:14:37 +00:00

test_1_basic.py

feat(docker): implement smart browser pool with 10x memory efficiency

2025-10-17 20:38:39 +08:00

test_2_memory.py

feat(docker): implement smart browser pool with 10x memory efficiency

2025-10-17 20:38:39 +08:00

test_3_pool.py

feat(docker): implement smart browser pool with 10x memory efficiency

2025-10-17 20:38:39 +08:00

test_4_concurrent.py

feat(docker): implement smart browser pool with 10x memory efficiency

2025-10-17 20:38:39 +08:00

test_5_pool_stress.py

feat(docker): implement smart browser pool with 10x memory efficiency

2025-10-17 20:38:39 +08:00

test_6_multi_endpoint.py

feat(docker): implement smart browser pool with 10x memory efficiency

2025-10-17 20:38:39 +08:00

test_7_cleanup.py

feat(docker): implement smart browser pool with 10x memory efficiency

2025-10-17 20:38:39 +08:00

test_monitor_demo.py

Add demo and test scripts for monitor dashboard activity

2025-10-17 22:43:06 +08:00

test_security_fixes.py

Fix critical RCE via deserialization and eval() in /crawl endpoint

2026-01-30 08:46:32 +00:00