vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-04-28 11:59:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
spawn/sh/e2e/lib
History
A 8d76ad90d3
security: base64-encode cmd in _sprite_exec to prevent injection (#2803) 
Apply the same base64 encoding mitigation used by all other cloud
drivers (aws, hetzner, digitalocean, gcp). The command is encoded
locally, validated for safe characters, then decoded and executed
on the remote side via `base64 -d | bash`.

Fixes #2800

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-19 13:19:07 -07:00
..
clouds security: base64-encode cmd in _sprite_exec to prevent injection (#2803) 2026-03-19 13:19:07 -07:00
common.sh fix(e2e): add per-agent timeout to prevent silent hangs in E2E runs (#2720) 2026-03-17 13:16:09 -07:00
provision.sh fix(e2e): increase provision timeout for junie on hetzner (#2683) 2026-03-16 00:54:03 -07:00
soak.sh feat(qa): telegram soak test on digitalocean + fix bun -e (#2547) 2026-03-12 19:45:18 -04:00
teardown.sh feat(e2e): multi-cloud test suite with cloud driver pattern (#2004) 2026-02-27 19:28:08 -08:00
verify.sh security: pass encoded prompt via env var, not string interpolation (#2799) 2026-03-19 11:23:08 -07:00