vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-20 01:11:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

fix: use safe inject_env_vars helpers in 4 missed scripts (#941)

Browse source 
Replaces unsafe direct shell interpolation of OPENROUTER_API_KEY with
the inject_env_vars_ssh/inject_env_vars_local helpers that use
single-quoted values to prevent shell injection.

Affected scripts:
- codesandbox/codex.sh
- codesandbox/interpreter.sh
- codesandbox/gptme.sh
- atlanticnet/goose.sh

This is the same class of fix applied in PR #937 to 3 other scripts,
but these 4 were missed.

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
A 2026-02-13 07:00:26 -08:00 committed by GitHub
parent eacaf6fd03
commit 78d95d0399
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 13 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

7
atlanticnet/goose.sh
View file

@ -51,10 +51,9 @@ else
fi
log_step "Setting up environment variables..."
run_server "${ATLANTICNET_SERVER_IP}" "cat >> ~/.bashrc << 'EOF'
export GOOSE_PROVIDER=openrouter
export OPENROUTER_API_KEY=${OPENROUTER_API_KEY}
EOF"
inject_env_vars_ssh "${ATLANTICNET_SERVER_IP}" upload_file run_server \
"GOOSE_PROVIDER=openrouter" \
"OPENROUTER_API_KEY=${OPENROUTER_API_KEY}"
echo ""
log_info "Server setup completed successfully!"

7
codesandbox/codex.sh
View file

@ -29,9 +29,10 @@ else
fi
log_step "Setting up environment variables..."
run_server 'echo "export OPENROUTER_API_KEY=\"'"${OPENROUTER_API_KEY}"'\"" >> ~/.bashrc'
run_server 'echo "export OPENAI_API_KEY=\"'"${OPENROUTER_API_KEY}"'\"" >> ~/.bashrc'
run_server 'echo "export OPENAI_BASE_URL=\"https://openrouter.ai/api/v1\"" >> ~/.bashrc'
inject_env_vars_local upload_file run_server \
"OPENROUTER_API_KEY=${OPENROUTER_API_KEY}" \
"OPENAI_API_KEY=${OPENROUTER_API_KEY}" \
"OPENAI_BASE_URL=https://openrouter.ai/api/v1"
echo ""
log_info "CodeSandbox setup completed successfully!"

3
codesandbox/gptme.sh
View file

@ -47,7 +47,8 @@ MODEL_ID=$(get_model_id_interactive "openrouter/auto" "gptme") || exit 1
# Inject environment variables
log_step "Setting up environment variables..."
run_server 'echo "export OPENROUTER_API_KEY=\"'"${OPENROUTER_API_KEY}"'\"" >> ~/.bashrc'
inject_env_vars_local upload_file run_server \
"OPENROUTER_API_KEY=${OPENROUTER_API_KEY}"
echo ""
log_info "CodeSandbox setup completed successfully!"

7
codesandbox/interpreter.sh
View file

@ -32,9 +32,10 @@ else
fi
log_step "Setting up environment variables..."
run_server 'echo "export OPENROUTER_API_KEY=\"'"${OPENROUTER_API_KEY}"'\"" >> ~/.bashrc'
run_server 'echo "export OPENAI_API_KEY=\"'"${OPENROUTER_API_KEY}"'\"" >> ~/.bashrc'
run_server 'echo "export OPENAI_BASE_URL=\"https://openrouter.ai/api/v1\"" >> ~/.bashrc'
inject_env_vars_local upload_file run_server \
"OPENROUTER_API_KEY=${OPENROUTER_API_KEY}" \
"OPENAI_API_KEY=${OPENROUTER_API_KEY}" \
"OPENAI_BASE_URL=https://openrouter.ai/api/v1"
echo ""
log_info "CodeSandbox setup completed successfully!"