Skip to content

Comments

Dev#19

Merged
usnavy13 merged 8 commits intomainfrom
dev
Dec 28, 2025
Merged

Dev#19
usnavy13 merged 8 commits intomainfrom
dev

Conversation

@usnavy13
Copy link
Owner

@usnavy13 usnavy13 commented Dec 28, 2025

Description

Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.

Fixes # (issue)

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

  • Test A
  • Test B

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@usnavy13
refactor: Update process limits in configuration and container manage…
af9c77d 
…ment

- Replaced `max_processes` with `max_pids` and updated its description to clarify its role in preventing fork bombs.
- Adjusted `max_processes` to reflect per-UID nproc ulimit, ensuring it is set high since `max_pids` manages per-container limits.
- Added environment variable settings in `ContainerManager` to limit OpenBLAS/OpenMP threads, preventing nproc exhaustion.
- Configured `pids_limit` in container settings to utilize the new `max_pids` value for enhanced process management.
@usnavy13
refactor: Update process limits and configuration for container manag…
a8909b9 
…ement

- Replaced `MAX_PROCESSES` with `MAX_PIDS` in configuration files to clarify its role in managing per-container process limits.
- Updated `security-profiles.json` to reflect new `pidsLimit` values and removed deprecated `nproc` settings.
- Adjusted documentation to include `MAX_PIDS` and its description, ensuring clarity on resource limits.
- Cleaned up `ContainerManager` to remove references to `nproc`, focusing on `pids_limit` for enhanced process management.
@usnavy13
refactor: Update container configuration settings for read-only and t…
f83df4f 
…mpfs options

- Replaced hardcoded values for `read_only` and `tmpfs` in `ContainerManager` with settings from the configuration to enhance flexibility and maintainability.
- This change allows for easier adjustments to container settings without modifying the code directly.
@usnavy13
feat: Implement seccomp profile for enhanced container security
e47e2a0 
- Added a new seccomp profile (`seccomp-sandbox.json`) to block dangerous syscalls, enhancing container security.
- Updated `docker-compose.yml` to mount the seccomp profile into the container.
- Modified configuration settings to allow specification of the seccomp profile path.
- Enhanced `ContainerManager` to load and apply the seccomp profile during container creation.
- Added integration tests to verify that the seccomp profile correctly blocks the `ptrace` syscall and that the profile file is valid.
@usnavy13
chore: Update configuration and tests for file handling and resource …
109eea5 
…limits

- Increased `MAX_EXECUTION_TIME` from 30 to 120 seconds in `.env.example` for extended processing capabilities.
- Enabled `ENABLE_ORPHAN_MINIO_CLEANUP` in `.env.example` to allow periodic cleanup of orphaned MinIO objects.
- Disabled documentation generation by setting `ENABLE_DOCS` to false in `.env.example`.
- Added new integration tests in `test_file_handling.py` to validate the complete workflow of uploading, analyzing, and downloading CSV and JSON files, as well as processing images with OpenCV.
@usnavy13
refactor: Rename max_processes to max_pids in configuration settings
8193e1b 
- Updated the configuration to replace `max_processes` with `max_pids` for clarity in managing per-container process limits.
@usnavy13
feat: Expand allowed file extensions in security configuration
fa0d182 
- Added a comprehensive list of allowed file extensions for various categories including text, Microsoft Office, OpenDocument formats, data formats, images, web files, scripts, and archives to enhance file handling capabilities.
@usnavy13
feat: Implement filename sanitization for file uploads and listings
8d6c5d8 
- Added `sanitize_filename` method in `OutputProcessor` to ensure filenames are safe for container use by replacing non-alphanumeric characters and handling edge cases.
- Updated `upload_file` and `list_files` functions to utilize the new sanitization logic, ensuring consistent filename formatting across file operations.
- Introduced unit tests for `sanitize_filename` to validate its functionality and edge case handling.
@usnavy13 usnavy13 merged commit 038df52 into main Dec 28, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@usnavy13