Claude
218cedf56f
security: Apply critical security fixes from PR #281 review
...
Implement the top 3 critical security fixes identified in Gemini code review:
**Fix 1: ChromaDB Reset Protection**
- Changed `allow_reset=True` to `False` in memory.py
- Prevents catastrophic database deletion in production
- File: tradingagents/agents/utils/memory.py:13
**Fix 2: Path Traversal Prevention**
- Added `validate_ticker_symbol()` function with comprehensive validation
- Applied validation to 5 functions using ticker in file paths:
  - get_YFin_data_window()
  - get_YFin_data()
  - get_data_in_range()
  - get_finnhub_company_insider_sentiment()
  - get_finnhub_company_insider_transactions()
- Blocks: path traversal (../, \\), invalid chars, length > 10
- File: tradingagents/dataflows/local.py
**Fix 3: CLI Input Validation**
- Added validation loop to get_ticker() with user-friendly error messages
- Prevents malicious input at entry point
- Validates format, blocks traversal, limits length
- File: cli/main.py:499-521
**Testing:**
- Validation logic verified with attack vectors:
  - ../../etc/passwd (blocked ✓)
  - Long tickers (blocked ✓)
  - Special characters (blocked ✓)
- Valid tickers: AAPL, BRK.B (pass ✓)
**Changes:**
- 3 files changed, 65 insertions(+), 3 deletions(-)
- Implementation time: ~20 minutes
- Zero breaking changes to existing functionality
**References:**
- Security analysis: docs/security/PR281_CRITICAL_FIXES.md
- Future roadmap: docs/security/FUTURE_HARDENING.md
Addresses critical path traversal (CWE-22) and data loss vulnerabilities.
2025-11-19 09:01:11 +00:00
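The ticker validation described in the commit above, sketched as an added example (not the project's own code, which this page does not show). The allowlist pattern, the `ticker_data_path` helper and the `.csv` suffix are assumptions; the 10-character limit and the sample inputs follow the commit message.

```python
import re
from pathlib import Path

MAX_TICKER_LEN = 10  # length limit stated in the commit message
# Assumed allowlist: ASCII letters/digits, optionally joined by single '.' or '-'
# (covers AAPL and BRK.B). The project's actual pattern is not on the page.
_TICKER_RE = re.compile(r"[A-Z0-9]+(?:[.\-][A-Z0-9]+)*")


def validate_ticker_symbol(symbol):
    """Return the normalized ticker, or raise ValueError if it is unsafe."""
    if not isinstance(symbol, str):
        raise ValueError("ticker must be a string")
    ticker = symbol.strip().upper()
    if not 1 <= len(ticker) <= MAX_TICKER_LEN:
        raise ValueError("ticker length must be 1-10 characters")
    # fullmatch() rejects '/', '\\', leading dots, ';' and anything else
    # outside the allowlist, so '../' sequences can never reach a file path.
    if not _TICKER_RE.fullmatch(ticker):
        raise ValueError("ticker contains invalid characters")
    return ticker


def ticker_data_path(base_dir, symbol, suffix=".csv"):
    """Hypothetical helper: build a data file path and confirm containment."""
    ticker = validate_ticker_symbol(symbol)
    base = Path(base_dir).resolve()
    candidate = (base / f"{ticker}{suffix}").resolve()
    # Defense in depth (CWE-22): even if the allowlist is loosened later,
    # refuse any path that resolves outside the data directory.
    if not candidate.is_relative_to(base):  # Python 3.9+
        raise ValueError("resolved path escapes data directory")
    return candidate


def is_allowed(symbol):
    """True if the symbol passes validation, False if it is blocked."""
    try:
        validate_ticker_symbol(symbol)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs mirroring the cases listed in the commit message.
    for s in ["AAPL", "BRK.B", "../../etc/passwd", "..\\x", "A" * 11, "AA;PL"]:
        print(f"{s!r:22} -> {'pass' if is_allowed(s) else 'blocked'}")
```

Callers should use the returned, normalized ticker when building paths rather than the raw input string.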
luohy15
8b04ec307f
minor fix
2025-09-26 23:25:33 +08:00
luohy15
0ab323c2c6
Add Alpha Vantage API integration as primary data provider
...
- Replace FinnHub with Alpha Vantage API in README documentation
- Implement comprehensive Alpha Vantage modules:
  - Stock data (daily OHLCV with date filtering)
  - Technical indicators (SMA, EMA, MACD, RSI, Bollinger Bands, ATR)
  - Fundamental data (overview, balance sheet, cashflow, income statement)
  - News and sentiment data with insider transactions
- Update news analyst tools to use ticker-based news search
- Integrate Alpha Vantage vendor methods into interface routing
- Maintain backward compatibility with existing vendor system
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-26 22:57:50 +08:00
luohy15
a6734d71bc
WIP
2025-09-26 16:17:50 +08:00
Max Wong
43aa9c5d09
Local Ollama (#53)
...
- Fix typo 'Start' 'End'
- Add llama3.1 selection
- Use 'quick_think_llm' model instead of hard-coding GPT
2025-06-26 00:27:01 -04:00
Yijia Xiao
26c5ba5a78
Revert "Docker support and Ollama support (#47)" (#57)
...
This reverts commit 78ea029a0b.
2025-06-26 00:07:58 -04:00
Geeta Chauhan
78ea029a0b
Docker support and Ollama support (#47)
...
- Added support for running CLI and Ollama server via Docker
- Introduced tests for local embeddings model and standalone Docker setup
- Enabled conditional Ollama server launch via LLM_PROVIDER
2025-06-25 23:57:05 -04:00
Edward Sun
7eaf4d995f
update clear msg bc anthropic needs at least 1 msg in chat call
2025-06-15 23:14:47 -07:00
Edward Sun
da84ef43aa
main works, cli bugs
2025-06-15 22:20:59 -07:00
maxer137
99789f9cd1
Add support for other backends, such as OpenRouter and Ollama
...
This aims to offer alternative OpenAI-capable APIs.
This allows people to experiment with running the application locally.
2025-06-11 14:19:25 +02:00
Yijia-Xiao
cc97cb6d5d
chore(release): v0.1.0 – initial public release of TradingAgents
2025-06-05 04:27:57 -07:00