pengjunjie/ragflow
1
0
Fork 1
mirror of https://github.com/infiniflow/ragflow.git synced 2026-01-23 19:46:39 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
accae951263ab46ce0e9c4e4b4f51cd0ae6adf9a
ragflow/deepdoc/parser
History
Yongteng Lei 64c75d558e Fix: zip extraction vulnerabilities in MinerU and TCADP (#12527) 
### What problem does this PR solve?

Fix zip extraction vulnerabilities:
   - Block symlink entries in zip files.
   - Reject encrypted zip entries.
   - Prevent absolute path attacks (including Windows paths).
   - Block path traversal attempts (../).
   - Stop zip slip exploits (directory escape).
   - Use streaming for memory-safe file handling.

### Type of change

- [x] Bug Fix (non-breaking change which fixes an issue)
2026-01-13 12:24:50 +08:00
..
resume
Add license and Fix IDE warnings (#11985)
2025-12-17 17:04:44 +08:00
__init__.py
Feat: advanced markdown parsing (#9607)
2025-08-21 09:36:18 +08:00
docling_parser.py
refactor: docling parser will close bytes io (#12280)
2025-12-29 13:33:27 +08:00
docx_parser.py
Refactor parser code (#9042)
2025-07-25 12:04:07 +08:00
excel_parser.py
Feat: enhance Excel image extraction with vision-based descriptions (#12054)
2025-12-22 10:17:44 +08:00
figure_parser.py
refactor: remove debug print statements (#12534)
2026-01-09 19:23:50 +08:00
html_parser.py
Fix errors (#11795)
2025-12-08 09:42:10 +08:00
json_parser.py
Feat: parsing supports jsonl or ldjson format (#9087)
2025-07-30 09:48:20 +08:00
markdown_parser.py
Fix: incorrect image merging for naive markdown parser (#11520)
2025-11-25 19:54:06 +08:00
mineru_parser.py
Fix: zip extraction vulnerabilities in MinerU and TCADP (#12527)
2026-01-13 12:24:50 +08:00
paddleocr_parser.py
feat: PaddleOCR PDF parser supports thumnails and positions (#12565)
2026-01-13 09:51:08 +08:00
pdf_parser.py
Refine: image/table context. (#12336)
2025-12-30 20:24:27 +08:00
ppt_parser.py
Refactor:remove useless try catch for ppt parser (#12063)
2025-12-22 13:09:42 +08:00
tcadp_parser.py
Fix: zip extraction vulnerabilities in MinerU and TCADP (#12527)
2026-01-13 12:24:50 +08:00
txt_parser.py
Move token related functions to common (#10942)
2025-11-03 08:50:05 +08:00
utils.py
Update comments (#4569)
2025-01-21 20:52:28 +08:00