vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-07 00:50:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

fix: track OAuth temp directories for cleanup on exit (#1344)

Browse source 
Security review complete. Merge conflict resolved (combined error handling + track_temp_file). All tests passed (80/80). Low-risk reliability fix.
This commit is contained in:
A 2026-02-16 17:28:35 -08:00 committed by GitHub
parent e92522f138
commit b540f69248
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
shared/common.sh
View file

@ -943,6 +943,9 @@ _init_oauth_session() {
return 1
fi
# Track directory for cleanup on exit
track_temp_file "${oauth_dir}"
# SECURITY: Generate random CSRF state token (32 hex chars = 128 bits)
local csrf_state
csrf_state=$(_generate_csrf_state)
@ -1253,7 +1256,7 @@ track_temp_file() {
CLEANUP_TEMP_FILES+=("${temp_file}")
}
# Cleanup function for temporary files
# Cleanup function for temporary files and directories
# Called automatically on EXIT, INT, TERM signals
cleanup_temp_files() {
local exit_code=$?
@ -1262,6 +1265,9 @@ cleanup_temp_files() {
if [[ -f "${temp_file}" ]]; then
# Securely remove temp files (may contain credentials)
shred -f -u "${temp_file}" 2>/dev/null || rm -f "${temp_file}"
elif [[ -d "${temp_file}" ]]; then
# Remove temp directories (e.g., OAuth session dirs)
rm -rf "${temp_file}"
fi
done