ewoooc/utils
ooo f7a5f8505f
All checks were successful
CD Pipeline / deploy (push) Successful in 1m8s
refactor(p1-01a): extract app.py security utilities into utils/security.py
Extract the pure validation logic (~180 lines) from app.py into utils/security.py:
- ALLOWED_TABLES whitelist constant
- validate_table_name / validate_column_names (SQL injection protection)
- safe_join (path traversal protection)
- ALLOWED_UPLOAD_EXTENSIONS / ALLOWED_MIME_TYPES
- secure_filename_unicode / allowed_file / validate_upload_file (upload validation)

app.py keeps from utils.security import * to maintain backward compat,
so that tests/test_path_traversal.py, tests/test_sql_security.py, and
tests/test_file_upload.py can keep using from app import xxx without modification.

Line count change: app.py 7,386 → 7,206 (-180)
2026-04-28 15:42:44 +08:00