mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-05-19 16:39:50 +00:00
5dfb91b747
* security: fix checksum grep anchoring and tar path traversal in github-auth.sh
- Anchor grep with -F " ${tarball}" to prevent partial filename matches
in checksum validation (e.g. foo.tar.gz matching foo.tar.gz.sig)
- Add pre-extraction validation rejecting tarballs with absolute paths
or ../ traversal components (CWE-22), cross-platform (GNU + BSD tar)
Fixes #2211
Fixes #2212
Agent: security-auditor
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: anchor checksum grep with two-space prefix and EOL to prevent partial match
Agent: pr-maintainer
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---------
Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| aws | ||
| cli | ||
| daytona | ||
| digitalocean | ||
| docker | ||
| e2e | ||
| gcp | ||
| hetzner | ||
| local | ||
| shared | ||
| sprite | ||
| test | ||