* feat(security): enhance file path validation and implement non-root Docker user
  - Validate resolved full file paths including workspace boundaries in SecureFileStore
  - Resolve paths before validation in readFile and writeFile operations
  - Run Docker container as non-root flowise user (uid/gid 1001)
  - Apply proper file ownership and permissions for application files

  Prevents path traversal attacks and follows container security best practices

* Add sensitive system directory validation and Flowise internal file protection
* Update Dockerfile to use default node user
* update validation patterns to include additional system binary directories (/usr/bin, /usr/sbin, /usr/local/bin)
* added isSafeBrowserExecutable function to validate browser executable paths for Playwright and Puppeteer loaders

---------

Co-authored-by: taraka-vishnumolakala <taraka.vishnumolakala@workday.com>
Co-authored-by: Henry Heng <henryheng@flowiseai.com>
Co-authored-by: Henry <hzj94@hotmail.com>
| Name |
|---|
| .. |
| agentflow |
| agents |
| analytic |
| cache |
| chains |
| chatmodels |
| documentloaders |
| embeddings |
| engine |
| graphs/Neo4j |
| llms |
| memory |
| moderation |
| multiagents |
| outputparsers |
| prompts |
| recordmanager |
| responsesynthesizer |
| retrievers |
| sequentialagents |
| speechtotext/assemblyai |
| textsplitters |
| tools |
| utilities |
| vectorstores |