OG T
f8d4772abf
fix(api): Sprint 3 P0-1/P0-2/P0-3/P0-4 Critical Security Fixes

P0-1: Complete shell metacharacter regex detection
- Enhanced _SHELL_METACHAR_RE to detect: >, <, \n, ${}, $()
- Prevents all shell injection vectors (redirects, variable expansion, newlines)
- Added 5 new validation tests

P0-2: Add shlex.quote() protection for ansible playbook path
- Wraps playbook_path in shlex.quote() before SSH command construction
- Prevents shell injection if path contains special characters
- Applied in _execute_ansible() method

P0-3: Add SSH target host whitelist validation
- Introduces validate_ssh_target_host() function
- Only allows SSH to: 192.168.0.110, 192.168.0.188
- Prevents unauthorized SSH target exploitation
- Added 5 new whitelist validation tests

P0-4: Convert HostRepairAgent to singleton pattern
- Implements __new__() singleton with shared _in_process_locks dict
- Ensures in-process locks persist across multiple auto_repair_service calls
- Previously created new instance per call, making locks ineffective
- Added singleton persistence test

Test Results: 45/45 passing (34 existing + 11 new P0 tests)
All security validations verified via comprehensive unit test coverage.

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-04-07 11:09:45 +08:00