candle-annotator/services/ml
Marko Djordjevic 67dd7aa2f0 security: validate run_id format and add path containment check in ML service
- Add `import re` to services/ml/app/main.py
- In POST /model/load: validate run_id matches ^[a-zA-Z0-9_-]+$ before DB lookup; use Path.resolve() + directory containment check before loading model artifact
- In DELETE /training/runs/{run_id}: validate run_id matches ^[a-zA-Z0-9_-]+$ before any processing; use Path.resolve() + directory containment check before deleting model artifact
- Both endpoints return HTTP 400 with {"detail": "Invalid run_id format"} on invalid input
- Mark task 2.2 as completed in openspec/changes/code-review-fix/tasks.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-18 11:00:19 +01:00
.dvc feat(ml): add database schema, config parser, and DVC setup 2026-02-15 12:08:53 +01:00
app security: validate run_id format and add path containment check in ML service 2026-02-18 11:00:19 +01:00
candle_ml.egg-info feat(ml): add TA-Lib annotation generation and import workflow 2026-02-15 19:18:28 +01:00
config fix(ml): complete ML pipeline fixes and setup 2026-02-15 21:29:54 +01:00
features fix: make volume column optional in feature engineering, skip MFI when absent 2026-02-18 01:01:32 +01:00
migrations feat(ml): add database schema, config parser, and DVC setup 2026-02-15 12:08:53 +01:00
mlruns feat: add models/ and *.pkl to .gitignore, remove tracked model files from git history 2026-02-18 10:55:48 +01:00
training fix(ml): complete ML pipeline fixes and setup 2026-02-15 21:29:54 +01:00
.dvcignore feat(ml): add database schema, config parser, and DVC setup 2026-02-15 12:08:53 +01:00
Dockerfile fix: add curl to ml-service for healthcheck 2026-02-16 17:31:08 +01:00
generate_talib_annotations.py fix(ml): handle date strings in TA-Lib annotation generator 2026-02-15 19:30:38 +01:00
pipeline.py feat(ml): implement training stage with MLflow tracking and model wrappers 2026-02-15 14:22:19 +01:00
pyproject.toml feat(ml): add database schema, config parser, and DVC setup 2026-02-15 12:08:53 +01:00
talib_annotations.json fix(scripts): add created_at timestamps to annotation import 2026-02-15 19:36:55 +01:00
test_db_access.py fix: resolve numpy type conversion issues in ML service data access 2026-02-17 14:10:21 +01:00
uv.lock feat(ml): add TA-Lib annotation generation and import workflow 2026-02-15 19:18:28 +01:00