增加环绕侦察场景适配

backend_service/venv/lib/python3.13/site-packages/filelock/_unix.py

@@ -39,6 +39,9 @@ else:  # pragma: win32 no cover
         def _acquire(self) -> None:
             ensure_directory_exists(self.lock_file)
             open_flags = os.O_RDWR | os.O_TRUNC
+            o_nofollow = getattr(os, "O_NOFOLLOW", None)
+            if o_nofollow is not None:
+                open_flags |= o_nofollow
             if not Path(self.lock_file).exists():
                 open_flags |= os.O_CREAT
             fd = os.open(self.lock_file, open_flags, self._context.mode)

backend_service/venv/lib/python3.13/site-packages/filelock/_windows.py

@@ -11,7 +11,38 @@ from ._api import BaseFileLock
 from ._util import ensure_directory_exists, raise_on_not_writable_file
 
 if sys.platform == "win32":  # pragma: win32 cover
+    import ctypes
     import msvcrt
+    from ctypes import wintypes
+
+    # Windows API constants for reparse point detection
+    FILE_ATTRIBUTE_REPARSE_POINT = 0x00000400
+    INVALID_FILE_ATTRIBUTES = 0xFFFFFFFF
+
+    # Load kernel32.dll
+    _kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
+    _kernel32.GetFileAttributesW.argtypes = [wintypes.LPCWSTR]
+    _kernel32.GetFileAttributesW.restype = wintypes.DWORD
+
+    def _is_reparse_point(path: str) -> bool:
+        """
+        Check if a path is a reparse point (symlink, junction, etc.) on Windows.
+
+        :param path: Path to check
+        :return: True if path is a reparse point, False otherwise
+        :raises OSError: If GetFileAttributesW fails for reasons other than file-not-found
+        """
+        attrs = _kernel32.GetFileAttributesW(path)
+        if attrs == INVALID_FILE_ATTRIBUTES:
+            # File doesn't exist yet - that's fine, we'll create it
+            err = ctypes.get_last_error()
+            if err == 2:  # noqa: PLR2004  # ERROR_FILE_NOT_FOUND
+                return False
+            if err == 3:  # noqa: PLR2004 # ERROR_PATH_NOT_FOUND
+                return False
+            # Some other error - let caller handle it
+            return False
+        return bool(attrs & FILE_ATTRIBUTE_REPARSE_POINT)
 
     class WindowsFileLock(BaseFileLock):
         """Uses the :func:`msvcrt.locking` function to hard lock the lock file on Windows systems."""
@@ -19,6 +50,13 @@ if sys.platform == "win32":  # pragma: win32 cover
         def _acquire(self) -> None:
             raise_on_not_writable_file(self.lock_file)
             ensure_directory_exists(self.lock_file)
+
+            # Security check: Refuse to open reparse points (symlinks, junctions)
+            # This prevents TOCTOU symlink attacks (CVE-TBD)
+            if _is_reparse_point(self.lock_file):
+                msg = f"Lock file is a reparse point (symlink/junction): {self.lock_file}"
+                raise OSError(msg)
+
             flags = (
                 os.O_RDWR  # open for read and write
                 | os.O_CREAT  # create file if not exists

backend_service/venv/lib/python3.13/site-packages/filelock/version.py

@@ -28,7 +28,7 @@ version_tuple: VERSION_TUPLE
 commit_id: COMMIT_ID
 __commit_id__: COMMIT_ID
 
-__version__ = version = '3.20.0'
-__version_tuple__ = version_tuple = (3, 20, 0)
+__version__ = version = '3.20.2'
+__version_tuple__ = version_tuple = (3, 20, 2)
 
 __commit_id__ = commit_id = None