2414057c08
* feat(security): enhance file path validation and implement non-root Docker user - Validate resolved full file paths including workspace boundaries in SecureFileStore - Resolve paths before validation in readFile and writeFile operations - Run Docker container as non-root flowise user (uid/gid 1001) - Apply proper file ownership and permissions for application files Prevents path traversal attacks and follows container security best practices * Add sensitive system directory validation and Flowise internal file protection * Update Dockerfile to use default node user * update validation patterns to include additional system binary directories (/usr/bin, /usr/sbin, /usr/local/bin) * added isSafeBrowserExecutable function to validate browser executable paths for Playwright and Puppeteer loaders --------- Co-authored-by: taraka-vishnumolakala <taraka.vishnumolakala@workday.com> Co-authored-by: Henry Heng <henryheng@flowiseai.com> Co-authored-by: Henry <hzj94@hotmail.com> |
||
|---|---|---|
| .. | ||
| credentials | ||
| evaluation | ||
| nodes | ||
| src | ||
| README-ZH.md | ||
| README.md | ||
| gulpfile.ts | ||
| jest.config.js | ||
| models.json | ||
| package.json | ||
| tsconfig.json | ||
README.md
Flowise Components
English | 中文
Apps integration for Flowise. Contain Nodes and Credentials.
Install:
npm i flowise-components
License
Source code in this repository is made available under the Apache License Version 2.0.