|
Some checks failed
CI / changes (push) Successful in 6s
CI / frontend-tests (push) Has been skipped
CI / changes (pull_request) Successful in 7s
CI / frontend-tests (pull_request) Has been skipped
CI / backend-tests (push) Successful in 6m38s
CI / backend-tests (pull_request) Successful in 6m37s
Deploy / build-backend (push) Blocked by required conditions
Deploy / build-worker (push) Blocked by required conditions
Deploy / build-frontend (push) Blocked by required conditions
Deploy / deploy (push) Blocked by required conditions
Deploy / changes (push) Has been cancelled
#1244 (security): внешние/скрейпинг-строки (comm_name из DOM.РФ, headline/usp_text) с ведущим = + - @ \t \r писались как есть → openpyxl сохранял как формулы (data_type='f'), исполнялись при открытии в Excel/LibreOffice. _sanitize_formula префиксует такие строки апострофом (OWASP CSV-injection escape); числа/даты/bool не трогаются. _write_kv labels тоже санитизируются. Подтверждено на openpyxl 3.1.5. #1245 (concurrency): async ask() вызывал sync get_report_for_chat() (sync SQLAlchemy тянет крупный JSONB §22-отчёт) напрямую — блокировал event loop, в отличие от LLM-ветки (run_in_threadpool). Обёрнуто в run_in_threadpool. Closes #1244 Closes #1245 |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| admin_cadastre.py | ||
| admin_etl.py | ||
| admin_jobs.py | ||
| admin_leads.py | ||
| admin_scrape.py | ||
| admin_weight_profiles.py | ||
| analytics.py | ||
| chat.py | ||
| concepts.py | ||
| custom_pois.py | ||
| insights.py | ||
| landing.py | ||
| locations.py | ||
| me.py | ||
| own_projects.py | ||
| parcels.py | ||
| photos.py | ||
| pilot.py | ||
| ping.py | ||
| trade_in.py | ||
| users.py | ||