vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-10 12:20:07 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
spawn/shared
History
A 34b093fce0
fix: escape control characters in json_escape bash fallback (#1497) 
The json_escape fallback (used when python3 is unavailable) only escaped
backslashes and double quotes, producing invalid JSON when input contained
newlines, tabs, or carriage returns. This could cause JSON injection in
API request bodies sent to cloud providers (Hetzner, DigitalOcean, Fly.io)
and corrupt credential config files.

Add escaping for \n, \r, and \t in the fallback path. The python3 primary
path (json.dumps) was already correct.

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-20 00:05:20 -05:00
..
common.sh fix: escape control characters in json_escape bash fallback (#1497) 2026-02-20 00:05:20 -05:00
github-auth.sh fix: persist gh auth credentials for interactive sessions (#1491) 2026-02-19 19:30:44 -05:00
key-request.sh security: prevent command injection in key-request.sh env var loading (#1415) 2026-02-17 13:53:49 -05:00