修复12项安全漏洞和代码质量问题

安全修复: - 使用secrets替代random生成验证码，提升安全性 - 添加内存清理调度器，防止内存泄漏 - PIL缺失时返回503而非降级服务 - 改进会话安全配置，支持环境自动检测 - 密钥文件路径支持环境变量配置 Bug修复: - 改进异常处理，不再吞掉SystemExit/KeyboardInterrupt - 清理死代码(if False占位符) - 改进浏览器资源释放逻辑，使用try-finally确保关闭 - 重构数据库连接池归还逻辑，修复竞态条件 - 添加安全的JSON解析方法，处理损坏数据 - 日志级别默认值改为INFO - 提取魔法数字为可配置常量 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-11 20:00:19 +08:00
parent 126d4cbb52
commit acb22cf96b
7 changed files with 213 additions and 75 deletions
--- a/db_pool.py
+++ b/db_pool.py
@@ -65,7 +65,7 @@ class ConnectionPool:

    def return_connection(self, conn):
        """
-        归还连接到连接池 [已修复Bug#7, Bug#11]
+        归还连接到连接池 [安全修复: 改进竞态条件处理]

        Args:
            conn: 要归还的连接
@@ -73,42 +73,53 @@ class ConnectionPool:
        import sqlite3
        from queue import Full

+        if conn is None:
+            return
+
+        connection_healthy = False
        try:
            # 回滚任何未提交的事务
            conn.rollback()
            # 安全修复：验证连接是否健康，防止损坏的连接污染连接池
            conn.execute("SELECT 1")
-            self._pool.put(conn, block=False)
+            connection_healthy = True
        except sqlite3.Error as e:
            # 数据库相关错误，连接可能损坏
-            print(f"归还连接失败(数据库错误): {e}")
-            try:
-                conn.close()
-            except Exception as close_error:
-                print(f"关闭损坏的连接失败: {close_error}")
-            # 创建新连接补充
-            with self._lock:
-                try:
-                    new_conn = self._create_connection()
-                    self._pool.put(new_conn, block=False)
-                except Exception as create_error:
-                    print(f"重建连接失败: {create_error}")
-        except Full:
-            # 队列已满（不应该发生）
-            print(f"警告: 连接池已满，关闭多余连接")
-            try:
-                conn.close()
-            except Exception as close_error:
-                print(f"关闭多余连接失败: {close_error}")
+            print(f"连接健康检查失败(数据库错误): {e}")
        except Exception as e:
-            # Bug fix: 记录详细的异常堆栈，便于调试
-            import traceback
-            print(f"归还连接失败(未知错误): {e}")
-            print(f"异常堆栈:\n{traceback.format_exc()}")
+            print(f"连接健康检查失败(未知错误): {e}")
+
+        if connection_healthy:
            try:
-                conn.close()
-            except Exception as close_error:
-                print(f"关闭异常连接失败: {close_error}")
+                self._pool.put(conn, block=False)
+                return  # 成功归还
+            except Full:
+                # 队列已满（不应该发生，但处理它）
+                print(f"警告: 连接池已满，关闭多余连接")
+                connection_healthy = False  # 标记为需要关闭
+
+        # 连接不健康或队列已满，关闭它
+        try:
+            conn.close()
+        except Exception as close_error:
+            print(f"关闭连接失败: {close_error}")
+
+        # 如果连接不健康，尝试创建新连接补充池
+        if not connection_healthy:
+            with self._lock:
+                # 双重检查：确保池确实需要补充
+                if self._pool.qsize() < self.pool_size:
+                    try:
+                        new_conn = self._create_connection()
+                        self._pool.put(new_conn, block=False)
+                    except Full:
+                        # 在获取锁期间池被填满了，关闭新建的连接
+                        try:
+                            new_conn.close()
+                        except Exception:
+                            pass
+                    except Exception as create_error:
+                        print(f"重建连接失败: {create_error}")

    def close_all(self):
        """关闭所有连接"""