Fix 37 security vulnerabilities and bugs

High-severity fixes:
- app.py: add an ip_rate_limit_lock thread lock to protect the IP rate-limit dictionary
- app.py: add validate_ip_port() to validate proxy IP/port ranges
- database.py: whitelist validation of SQL field names to prevent injection
- playwright_automation.py: improve the forced-cleanup logic for browser processes

Medium-severity fixes:
- database.py: unified timezone handling function get_cst_now()
- database.py: eliminate a circular import by moving the app_security import to the top
- playwright_automation.py: change all bare except clauses to except Exception
- app_config.py: warn when the dotenv import fails + security configuration check
- db_pool.py: add detailed exception stack-trace logging
- app_security.py: filter zero-width characters from usernames
- database.py: delete_old_task_logs deletes in batches to avoid locking the table

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-11 19:35:29 +08:00
parent de51e1b7c7
commit 2e4b64dcb2
6 changed files with 290 additions and 96 deletions
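Three of the validations the commit message lists (SQL field-name whitelisting, zero-width character filtering for usernames, and proxy IP/port validation) re-implemented from their one-line descriptions, as an added example. This is not the repository's code: the function names `validate_field_name`, `build_order_by`, `sanitize_username` and the behaviour of `validate_ip_port`, the `ALLOWED_TASK_LOG_FIELDS` whitelist, and the username character policy are all assumptions chosen to illustrate the technique.

```python
"""Added example, not the project's own implementation. Names, whitelist
contents and the username policy are assumptions for illustration."""
import ipaddress
import re
import unicodedata

# Hypothetical whitelist: the only column names that user-controlled
# sort/filter parameters may be turned into. Exact set membership, not a
# regex, so 'created_at; DROP TABLE x' or 'id--' can never reach the query.
ALLOWED_TASK_LOG_FIELDS = frozenset({"id", "task_id", "status", "created_at"})


def validate_field_name(field: str, allowed=ALLOWED_TASK_LOG_FIELDS) -> str:
    """Return the field name unchanged if whitelisted, else raise ValueError."""
    if field not in allowed:
        raise ValueError(f"disallowed field name: {field!r}")
    return field


def build_order_by(field: str, descending: bool = False) -> str:
    """Build an ORDER BY clause from a user-supplied column name.

    Identifiers cannot be bound as query parameters, which is why they must
    be whitelisted; row values elsewhere in the query still use placeholders.
    """
    col = validate_field_name(field)
    return f"ORDER BY {col} {'DESC' if descending else 'ASC'}"


# Zero-width / invisible characters commonly used to forge look-alike names.
_ZERO_WIDTH = re.compile(r"[\u200b\u200c\u200d\u2060\ufeff\u00ad]")


def sanitize_username(name: str) -> str:
    """Strip zero-width characters, NFKC-normalise, then enforce an ASCII
    identifier policy so 'ad\u200bmin' or full-width letters cannot pass
    as 'admin' while comparing unequal to it."""
    cleaned = unicodedata.normalize("NFKC", _ZERO_WIDTH.sub("", name))
    # Any remaining Unicode format characters (category Cf) are rejected
    # outright rather than silently dropped.
    if any(unicodedata.category(ch) == "Cf" for ch in cleaned):
        raise ValueError("username contains invisible format characters")
    if not re.fullmatch(r"[A-Za-z0-9_.-]{3,32}", cleaned):
        raise ValueError("username must be 3-32 ASCII letters, digits, _ . -")
    return cleaned


def validate_ip_port(ip: str, port) -> tuple:
    """Accept a proxy endpoint only if `ip` is a literal IPv4/IPv6 address
    (no hostnames, so no DNS lookups on attacker input) and `port` is an
    integer in 1..65535. Returns the normalised (ip, port) pair."""
    try:
        addr = ipaddress.ip_address(str(ip).strip())
    except ValueError as exc:
        raise ValueError(f"invalid proxy IP: {ip!r}") from exc
    try:
        port_int = int(port)
    except (TypeError, ValueError) as exc:
        raise ValueError(f"invalid proxy port: {port!r}") from exc
    if not 1 <= port_int <= 65535:
        raise ValueError(f"proxy port out of range: {port_int}")
    return str(addr), port_int


if __name__ == "__main__":
    # Constructed inputs: one legitimate value and one hostile value each.
    print(build_order_by("created_at", descending=True))
    print(sanitize_username("ad\u200bmin"))
    print(validate_ip_port("192.168.1.10", "8080"))
    for bad in (lambda: build_order_by("id; DROP TABLE task_logs"),
                lambda: sanitize_username("ad min"),
                lambda: validate_ip_port("999.1.1.1", 80)):
        try:
            bad()
        except ValueError as err:
            print("rejected:", err)
```

The whitelist approach is the only safe option for identifiers: escaping a column name is not supported by DB-API parameter binding, so the set of acceptable names has to be fixed in code. The username function deliberately normalises before matching, so that a stored name and a later login attempt compare on the same canonical form.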


@@ -101,7 +101,10 @@ class ConnectionPool:
except Exception as close_error:
print(f"关闭多余连接失败: {close_error}")
except Exception as e:
# Bug fix: 记录详细的异常堆栈,便于调试
import traceback
print(f"归还连接失败(未知错误): {e}")
print(f"异常堆栈:\n{traceback.format_exc()}")
try:
conn.close()
except Exception as close_error:
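Review bot: the `import traceback` inside the `except Exception as e:` handler and the two `print(...)` calls are the weak spot of this hunk: a pool that swallows a failed connection return and only prints the stack trace to stdout can lose the trace entirely in a non-interactive deployment. Move the import to module scope and replace `print(f"归还连接失败(未知错误): {e}")` plus `print(f"异常堆栈:\n{traceback.format_exc()}")` with one `logging.getLogger(__name__).exception("归还连接失败(未知错误)")`, which records the message and the full stack in a single log record at ERROR level. Also, after this broad handler closes `conn`, nothing visible in the hunk adjusts the pool's accounting for that connection; confirm that the closed connection is removed from the pool's counts so the slot is not leaked each time this path runs.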