[{"data":1,"prerenderedAt":183},["ShallowReactive",2],{"toc-\u002Ftasks\u002Fpython-workflow-upload-authorization":3,"page-\u002Ftasks\u002Fpython-workflow-upload-authorization":114},{"id":4,"title":5,"body":6,"description":106,"extension":107,"meta":108,"navigation":109,"path":110,"seo":111,"stem":112,"__hash__":113},"content\u002Ftasks\u002Fpython-workflow-upload-authorization.md","Upload authorization (Python workflow)",{"type":7,"value":8,"toc":100},"minimark",[9,13,17,85,90,93,97],[10,11,5],"h1",{"id":12},"upload-authorization-python-workflow",[14,15,16],"p",{},"A Python workflow service has an older upload path that still accepts caller-controlled files. The task is to bring that path under the same authorization and upload-size boundary as the supported flow while preserving the response shape callers already rely on.",[18,19,20,33],"table",{},[21,22,23],"thead",{},[24,25,26,30],"tr",{},[27,28,29],"th",{},"Dimension",[27,31,32],{},"Preview",[34,35,36,45,53,61,69,77],"tbody",{},[24,37,38,42],{},[39,40,41],"td",{},"Ecosystem",[39,43,44],{},"Python",[24,46,47,50],{},[39,48,49],{},"CWE class",[39,51,52],{},"CWE-285 (Improper Authorization), CWE-770 (resource limits)",[24,54,55,58],{},[39,56,57],{},"Security theme",[39,59,60],{},"Authorization and upload limits",[24,62,63,66],{},[39,64,65],{},"Work type",[39,67,68],{},"Route hardening with compatibility constraints",[24,70,71,74],{},[39,72,73],{},"Disclosure",[39,75,76],{},"Class-level security brief",[24,78,79,82],{},[39,80,81],{},"Grading focus",[39,83,84],{},"Auth behavior, size-limit behavior, and normal upload compatibility",[86,87,89],"h2",{"id":88},"environment","Environment",[14,91,92],{},"The agent has to compare related route implementations and repair the path that is out of policy. A one-line guard is not sufficient if it changes argument binding, skips the limit path, or alters the endpoint contract.",[86,94,96],{"id":95},"evaluation-focus","Evaluation focus",[14,98,99],{},"The environment separates complete authorization and limit coverage from fixes that guard the wrong path, skip the size boundary, or change endpoint behavior. Strong solutions keep the existing response contract intact while closing the legacy path.",{"title":101,"searchDepth":102,"depth":102,"links":103},"",2,[104,105],{"id":88,"depth":102,"text":89},{"id":95,"depth":102,"text":96},"Bring a legacy upload path under the correct authorization and size-limit boundary while preserving the service contract.","md",{},true,"\u002Ftasks\u002Fpython-workflow-upload-authorization",{"title":5,"description":106},"tasks\u002Fpython-workflow-upload-authorization","KFzS9UELW1OWdw8NaBjzGj0FzP6ERHdB4vlnnsfM5hM",{"id":4,"title":5,"body":115,"description":106,"extension":107,"meta":181,"navigation":109,"path":110,"seo":182,"stem":112,"__hash__":113},{"type":7,"value":116,"toc":177},[117,119,121,169,171,173,175],[10,118,5],{"id":12},[14,120,16],{},[18,122,123,131],{},[21,124,125],{},[24,126,127,129],{},[27,128,29],{},[27,130,32],{},[34,132,133,139,145,151,157,163],{},[24,134,135,137],{},[39,136,41],{},[39,138,44],{},[24,140,141,143],{},[39,142,49],{},[39,144,52],{},[24,146,147,149],{},[39,148,57],{},[39,150,60],{},[24,152,153,155],{},[39,154,65],{},[39,156,68],{},[24,158,159,161],{},[39,160,73],{},[39,162,76],{},[24,164,165,167],{},[39,166,81],{},[39,168,84],{},[86,170,89],{"id":88},[14,172,92],{},[86,174,96],{"id":95},[14,176,99],{},{"title":101,"searchDepth":102,"depth":102,"links":178},[179,180],{"id":88,"depth":102,"text":89},{"id":95,"depth":102,"text":96},{},{"title":5,"description":106},1779193092949]