|
Some checks failed
CI / changes (push) Successful in 6s
CI / frontend-tests (push) Has been skipped
CI / changes (pull_request) Successful in 7s
CI / frontend-tests (pull_request) Has been skipped
CI / backend-tests (push) Successful in 6m38s
CI / backend-tests (pull_request) Successful in 6m37s
Deploy / build-backend (push) Blocked by required conditions
Deploy / build-worker (push) Blocked by required conditions
Deploy / build-frontend (push) Blocked by required conditions
Deploy / deploy (push) Blocked by required conditions
Deploy / changes (push) Has been cancelled
#1244 (security): внешние/скрейпинг-строки (comm_name из DOM.РФ, headline/usp_text) с ведущим = + - @ \t \r писались как есть → openpyxl сохранял как формулы (data_type='f'), исполнялись при открытии в Excel/LibreOffice. _sanitize_formula префиксует такие строки апострофом (OWASP CSV-injection escape); числа/даты/bool не трогаются. _write_kv labels тоже санитизируются. Подтверждено на openpyxl 3.1.5. #1245 (concurrency): async ask() вызывал sync get_report_for_chat() (sync SQLAlchemy тянет крупный JSONB §22-отчёт) напрямую — блокировал event loop, в отличие от LLM-ветки (run_in_threadpool). Обёрнуто в run_in_threadpool. Closes #1244 Closes #1245 |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| test_admin_cadastre.py | ||
| test_admin_ekburg_permits.py | ||
| test_admin_jobs_settings.py | ||
| test_analyze_competitors_status.py | ||
| test_analyze_inline_weights.py | ||
| test_analyze_market_price.py | ||
| test_analyze_parcel_meta.py | ||
| test_analyze_recent_permits.py | ||
| test_chat.py | ||
| test_custom_pois.py | ||
| test_insights.py | ||
| test_locations.py | ||
| test_own_projects.py | ||
| test_parcel_best_layouts.py | ||
| test_parcel_by_bbox.py | ||
| test_parcel_competitors.py | ||
| test_parcel_connection_points.py | ||
| test_parcels_forecast.py | ||
| test_run_history_and_response_contract.py | ||