search

modelscope / agentscope

Start building LLM-empowered multi-agent applications in an easier way.
https://doc.agentscope.io/
Apache License 2.0
5.34k stars 328 forks source link

Update delete_workflow #459

Open jkylekelly opened 1 month ago

jkylekelly commented 1 month ago

name: Sanitize Delete Workflow about: Remediates arbitrary file delete

Description

Version 0.1.0 is vulnerable to arbitrary file deletion due to improper input sanitization on the delete_workflow API. This PR ensures the API will only delete JSON files in user_dir.

Checklist

Please check the following items before code is ready to be reviewed.

DavdGao commented 1 month ago

@rayrayraykk please check this PR