candle-annotator/services/ml/app
Marko Djordjevic 67dd7aa2f0 security: validate run_id format and add path containment check in ML service
- Add `import re` to services/ml/app/main.py
- In POST /model/load: validate run_id matches ^[a-zA-Z0-9_-]+$ before DB lookup; use Path.resolve() + directory containment check before loading model artifact
- In DELETE /training/runs/{run_id}: validate run_id matches ^[a-zA-Z0-9_-]+$ before any processing; use Path.resolve() + directory containment check before deleting model artifact
- Both endpoints return HTTP 400 with {"detail": "Invalid run_id format"} on invalid input
- Mark task 2.2 as completed in openspec/changes/code-review-fix/tasks.md

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-18 11:00:19 +01:00
__init__.py feat(ml): add database schema, config parser, and DVC setup 2026-02-15 12:08:53 +01:00
annotation_ingestion.py feat: add Python migration script and successfully test SQLite to PostgreSQL data migration 2026-02-17 14:01:21 +01:00
config.py feat(ml): add database schema, config parser, and DVC setup 2026-02-15 12:08:53 +01:00
data_access.py fix: resolve numpy type conversion issues in ML service data access 2026-02-17 14:10:21 +01:00
db.py security: remove credential SQL comments and add DATABASE_URL fail-fast check 2026-02-18 10:56:49 +01:00
main.py security: validate run_id format and add path containment check in ML service 2026-02-18 11:00:19 +01:00
patterns.py feat: add FastAPI pattern detection endpoints (Section 1) 2026-02-17 18:34:14 +01:00
preprocessing.py fix(ml): add windowed feature flattening for inference parity 2026-02-15 22:07:06 +01:00