mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-05-08 10:09:30 +00:00
* security: fix incomplete command injection detection gaps in validatePrompt

  Addresses remaining gaps identified in issue #1431:
  - Add stderr/fd redirection detection (2>, 2>&1, 1>&2)
  - Add heredoc detection (<< EOF, <<- EOF)
  - Add process substitution detection (<(cmd), >(cmd))
  - Add redirection to unextensioned filenames/paths (> output, > foo/bar)
  - Add test cases for all new patterns

  Agent: security-auditor
  Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix: address PR review - broaden injection detection patterns

  - fd redirection: /\d+>\s*&?\d*/ covers fds 3-9 (not just 1 and 2)
  - heredoc: /<<-?\s*'?\w+'?/ matches quoted delimiters like << 'EOF'
  - append redirect: />>?\s*[a-zA-Z_]\w{2,}/ matches >> as well as >
  - Added test cases for all 3 bypass patterns

  Agent: security-auditor
  Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

---------

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

| | | |
|---|---|---|
| __tests__ | ||
| commands.ts | ||
| guidance-data.ts | ||
| history.ts | ||
| index.ts | ||
| manifest.ts | ||
| security.ts | ||
| unicode-detect.ts | ||
| update-check.ts | ||