spawn/shared
A 87184ebbf7
fix(security): validate OAuth code format before file write (#1322)
CRITICAL: Prevent injection via malicious OAuth callback

Vulnerability:
- OAuth code from query param was written directly to file
- Attacker-controlled OAuth provider could inject:
  - Newlines (write multiple files via code="line1\nline2")
  - Control characters to corrupt subsequent parsing
  - Excessively long strings (DoS via disk fill)

Fix:
- Added strict validation: alphanumeric + dash/underscore only
- Length constraint: 16-128 chars (matches real OAuth codes)
- Fail with 400 status if validation fails
- Type coercion (String()) prevents prototype pollution

Impact: HIGH
- Affects: All users running OAuth flow (default auth method)
- Attack vector: Malicious redirect to fake OAuth endpoint
- Severity: Code injection, file system manipulation

Agent: security-auditor

Co-authored-by: spawn-bot <bot@openrouter.ai>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-16 21:04:43 -05:00
..
common.sh fix(security): validate OAuth code format before file write (#1322) 2026-02-16 21:04:43 -05:00
github-auth.sh refactor: decompose ensure_jq and ensure_gh_cli into focused helpers (#994) 2026-02-13 12:14:56 -08:00
key-request.sh fix: HIGH severity security issues (command injection + weak VNC password) (#1150) 2026-02-14 20:39:48 -05:00
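
The validation rule described in the commit message above (alphanumeric plus dash/underscore, 16-128 characters, 400 on failure), written out as an added JavaScript example. It is not the code from common.sh: the function names, the `/callback` path, the single-parameter check and the sample requests are assumptions constructed for illustration, and JavaScript is chosen because the message mentions `String()`.

```javascript
// Added example; validateOAuthCode and handleCallback are hypothetical names.
// Rule taken from the commit message: [A-Za-z0-9_-], 16 to 128 characters.
const OAUTH_CODE_RE = /^[A-Za-z0-9_-]{16,128}$/;

// Returns the code as a string if it passes validation, otherwise null.
function validateOAuthCode(raw) {
  if (raw === undefined || raw === null) return null;
  // Query parsers can hand back arrays or objects for repeated or bracketed
  // parameters; String() reduces every case to one string for the pattern.
  const code = String(raw);
  // Without the `m` flag, ^ and $ match only at the ends of the input in
  // JavaScript, so "valid\n" and "line1\nline2" are both rejected.
  return OAUTH_CODE_RE.test(code) ? code : null;
}

// Hypothetical callback handler: returns the HTTP status and the exact value
// that would be written to the file (null when nothing may be written).
function handleCallback(requestUrl) {
  const url = new URL(requestUrl, "http://localhost");
  const values = url.searchParams.getAll("code");
  // Exactly one `code` parameter is expected (assumption of this example).
  const code = values.length === 1 ? validateOAuthCode(values[0]) : null;
  if (code === null) {
    return { status: 400, body: "Invalid OAuth code", toWrite: null };
  }
  return { status: 200, body: "OK", toWrite: code };
}

// Constructed sample requests (not real OAuth codes).
const SAMPLES = [
  "/callback?code=abcDEF0123456789_-xyz",         // well-formed
  "/callback?code=line1%0Aline2_padding_padding", // embedded newline
  "/callback?code=abcDEF0123456789%00tail",       // control character
  "/callback?code=short",                         // under 16 characters
  "/callback?code=" + "a".repeat(129),            // over 128 characters
  "/callback?code=abcDEF0123456789abcd%0A",       // trailing newline
  "/callback",                                    // parameter missing
];

function runSamples() {
  return SAMPLES.map((s) => handleCallback(s).status);
}

console.log(runSamples().join(" ")); // 200 400 400 400 400 400 400
```

The check runs on the decoded value, after percent-decoding, so `%0A` and `%00` are judged as the newline and NUL they become rather than as harmless-looking text.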