spawn

vrr/spawn

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-08 10:09:30 +00:00

History

A 5ff178fb12 fix: Prevent Python/JSON injection in Cherry Servers lib (#312 ) - create_server(): Validate hostname, plan, region env vars with validate_resource_name(); pass all values via sys.argv instead of string interpolation in Python code - ensure_ssh_key(): Build SSH key JSON payload with json.dumps via sys.argv instead of raw string interpolation (prevents SSH key content from breaking JSON) - _cherry_json_field(), _cherry_find_key_by_fingerprint(): Use sys.argv instead of bash variable interpolation in Python strings Agent: security-auditor Co-authored-by: A <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-02-10 18:00:10 -08:00
..
common.sh	fix: Prevent Python/JSON injection in Cherry Servers lib (#312 )	2026-02-10 18:00:10 -08:00

fix: Prevent Python/JSON injection in Cherry Servers lib (#312 )

- create_server(): Validate hostname, plan, region env vars with
  validate_resource_name(); pass all values via sys.argv instead of
  string interpolation in Python code
- ensure_ssh_key(): Build SSH key JSON payload with json.dumps via
  sys.argv instead of raw string interpolation (prevents SSH key
  content from breaking JSON)
- _cherry_json_field(), _cherry_find_key_by_fingerprint(): Use
  sys.argv instead of bash variable interpolation in Python strings

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-02-10 18:00:10 -08:00

common.sh

fix: Prevent Python/JSON injection in Cherry Servers lib (#312 )

2026-02-10 18:00:10 -08:00