A 81ab237efe fix(e2e): harden shell scripts against injection in SSH commands (#2945) ... - hetzner.sh: Pipe base64-encoded command via stdin to SSH instead of embedding it in the SSH command string via variable expansion. The remote bash reads stdin, base64-decodes, and executes. - verify.sh: Add remote-side re-validation of base64 and timeout values in _stage_prompt_remotely and _stage_timeout_remotely. Values are assigned to remote shell variables and validated before writing to temp files, providing defense-in-depth against injection. - provision.sh: Add explicit early rejection of dangerous shell chars ($, `, \) in env var values from cloud_headless_env, and add remote-side re-validation of base64 payload before writing. Fixes #2937 Fixes #2938 Fixes #2939 Agent: security-auditor Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>		2026-03-24 13:30:47 +07:00
..
aws.sh	fix(e2e): use aggressive cleanup threshold (5 min) for pre-run to prevent quota exhaustion (#2798)	2026-03-19 11:23:55 -07:00
digitalocean.sh	fix(e2e): use aggressive cleanup threshold (5 min) for pre-run to prevent quota exhaustion (#2798)	2026-03-19 11:23:55 -07:00
gcp.sh	fix(e2e): use aggressive cleanup threshold (5 min) for pre-run to prevent quota exhaustion (#2798)	2026-03-19 11:23:55 -07:00
hetzner.sh	fix(e2e): harden shell scripts against injection in SSH commands (#2945)	2026-03-24 13:30:47 +07:00
sprite.sh	fix(sprite): add retry for list failures, increase timeout, refresh auth on expiry (#2936)	2026-03-23 21:47:58 -07:00