
fix: API key masking, exec sandbox, passwords moved to environment variables, CORS/WebSocket security hardening #35

Open
cghggchg765-create wants to merge 1 commit into iDC-NEU:main from cghggchg765-create:fix/security


@cghggchg765-create

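Security fixes (14 items): 3 sets of API keys → environment variables, 5 hardcoded passwords → env, exec() sandbox (SAFE_BUILTINS whitelist), CORS configured via environment variables, WebSocket token authentication, Flask debug via environment variable, double-checked thread locking, API key Base64 obfuscation, .env.example template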
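
An added illustration of the exec() allowlist item in the description above, not code from this PR or from YiGraph. The contents of `SAFE_BUILTINS`, the helper names and the AST pre-check are assumptions, since the page does not show the patch.

```python
import ast
import builtins

# Assumed allowlist contents: the PR names SAFE_BUILTINS, but the page does not show it.
_ALLOWED = ("abs", "bool", "dict", "enumerate", "float", "int", "len", "list",
            "max", "min", "range", "round", "set", "sorted", "str", "sum",
            "tuple", "zip")
SAFE_BUILTINS = {name: getattr(builtins, name) for name in _ALLOWED}


class RejectedCode(Exception):
    """Raised when source fails the static check before exec() is reached."""


def check_source(source):
    """Static pre-check (an addition, not named in the PR): refuse imports and
    any underscore-prefixed name or attribute, which a builtins allowlist
    alone does not restrict."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            raise RejectedCode("import statement")
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            raise RejectedCode(f"attribute {node.attr}")
        if isinstance(node, ast.Name) and node.id.startswith("_"):
            raise RejectedCode(f"name {node.id}")


def run_restricted(source, inputs=None):
    """Run source with only SAFE_BUILTINS visible and return its 'result'."""
    check_source(source)
    # An explicit __builtins__ entry stops exec() from injecting the full module.
    namespace = {"__builtins__": dict(SAFE_BUILTINS), **(inputs or {})}
    exec(compile(source, "<restricted>", "exec"), namespace)
    return namespace.get("result")


def outcome(source, inputs=None):
    """Return ('ok', value) or ('blocked', exception class name)."""
    try:
        return ("ok", run_restricted(source, inputs))
    except (RejectedCode, NameError, ImportError, SyntaxError) as exc:
        return ("blocked", type(exc).__name__)


if __name__ == "__main__":
    # Constructed sample inputs.
    print(outcome("result = sum(sorted(xs)[:2])", {"xs": [5, 1, 3]}))
    print(outcome("result = open('notes.txt').read()"))
    print(outcome("import os"))
```

This narrows what executed code can name; it sets no CPU, memory or time limits, so it complements process-level isolation and does not replace it.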

@superccy
Collaborator

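Thank you for your interest in YiGraph and for submitting this PR! This PR contains quite a few valuable security-hardening ideas, but some of the core code changes and design decisions need further discussion. If convenient, you can add me on WeChat: ccy1013858730, so we can align on the implementation approach. Thanks again for your contribution!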
