charieswei
/
TradingAgents
mirror of https://github.com/TauricResearch/TradingAgents.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update main.py:fix: sanitize ticker input to prevent path traversal 

fix: sanitize ticker input to prevent path traversal
This commit is contained in:
Hewei603 2026-02-14 17:24:22 +08:00 committed by GitHub
parent 156afe9042
commit c025022872
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cli/main.py
View File

@ -29,7 +29,14 @@ from cli.models import AnalystType
from cli.utils import * from cli.utils import *
from cli.announcements import fetch_announcements, display_announcements from cli.announcements import fetch_announcements, display_announcements
from cli.stats_handler import StatsCallbackHandler from cli.stats_handler import StatsCallbackHandler
import re
def safe_ticker(ticker: str) -> str:
"""Sanitize ticker symbol to prevent path traversal attacks."""
if not re.match(r'^[A-Za-z0-9.\-]+$', ticker):
raise ValueError(f"Invalid ticker symbol: {ticker}")
return ticker
console = Console() console = Console()
app = typer.Typer( app = typer.Typer(
@ -899,6 +906,7 @@ def format_tool_args(args, max_length=80) -> str:
def run_analysis(): def run_analysis():
# First get all user selections # First get all user selections
selections = get_user_selections() selections = get_user_selections()
selections["ticker"] = safe_ticker(selections["ticker"])
# Create config with selected research depth # Create config with selected research depth
config = DEFAULT_CONFIG.copy() config = DEFAULT_CONFIG.copy()