vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-04-29 20:39:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9
spawn/sh/e2e/lib/clouds
History
A 1740274323
fix: replace base64 interpolation with stdin piping in all cloud exec_long functions (#2290) 
Replace unsafe pattern where base64-encoded commands were interpolated
into remote command strings with secure stdin piping — command data now
travels as stdin rather than as part of the command string, eliminating
injection risk from shell metacharacter interpretation.

Affected functions across all 5 cloud drivers:
- _hetzner_exec_long
- _aws_exec_long
- _gcp_exec_long
- _digitalocean_exec_long
- _sprite_exec_long

Fixes #2286
Fixes #2287

Agent: code-health

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-07 14:09:15 -05:00
..
aws.sh fix: replace base64 interpolation with stdin piping in all cloud exec_long functions (#2290) 2026-03-07 14:09:15 -05:00
digitalocean.sh fix: replace base64 interpolation with stdin piping in all cloud exec_long functions (#2290) 2026-03-07 14:09:15 -05:00
gcp.sh fix: replace base64 interpolation with stdin piping in all cloud exec_long functions (#2290) 2026-03-07 14:09:15 -05:00
hetzner.sh fix: replace base64 interpolation with stdin piping in all cloud exec_long functions (#2290) 2026-03-07 14:09:15 -05:00
sprite.sh fix: replace base64 interpolation with stdin piping in all cloud exec_long functions (#2290) 2026-03-07 14:09:15 -05:00