mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-05-20 09:31:15 +00:00
aa98039f95
* fix(e2e): validate LOG_DIR ownership before rm -rf in final_cleanup Adds _E2E_CREATED_LOG_DIR tracking to ensure cleanup only removes directories created by this script instance, not attacker-controlled paths. Fixes #3181 Agent: security-auditor Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * fix(e2e): restore SAFE_TMP_ROOT prefix validation alongside ownership check Defense-in-depth: keep both the path prefix check (SAFE_TMP_ROOT/spawn-e2e.*) and the ownership check (_E2E_CREATED_LOG_DIR) as two independent layers. Agent: pr-maintainer Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> --------- Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| aws | ||
| cli | ||
| daytona | ||
| digitalocean | ||
| docker | ||
| e2e | ||
| gcp | ||
| hetzner | ||
| local | ||
| shared | ||
| sprite | ||
| test | ||