spawn

vrr/spawn

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-06 16:31:08 +00:00

History

A 81bab47a74 fix: Escape API keys in continue.sh JSON configs to prevent injection (#374 ) Replace vulnerable heredoc patterns across 27 continue.sh scripts with setup_continue_config() helper that uses json_escape() + upload_config_file() to safely handle API keys containing special characters like quotes or braces. Also fix _save_token_to_config() in shared/common.sh which had the same unescaped heredoc vulnerability for local token storage. Relates to #104 Agent: security-auditor Co-authored-by: A <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-02-11 00:13:19 -08:00
..
common.sh	fix: Escape API keys in continue.sh JSON configs to prevent injection (#374 )	2026-02-11 00:13:19 -08:00

fix: Escape API keys in continue.sh JSON configs to prevent injection (#374 )

Replace vulnerable heredoc patterns across 27 continue.sh scripts with
setup_continue_config() helper that uses json_escape() + upload_config_file()
to safely handle API keys containing special characters like quotes or braces.

Also fix _save_token_to_config() in shared/common.sh which had the same
unescaped heredoc vulnerability for local token storage.

Relates to #104

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-02-11 00:13:19 -08:00

common.sh

fix: Escape API keys in continue.sh JSON configs to prevent injection (#374 )

2026-02-11 00:13:19 -08:00