A 9a98589cef fix(security): prevent command injection via INPUT_TEST_TIMEOUT in verify.sh (#2851) ... Add defense-in-depth validation of INPUT_TEST_TIMEOUT directly in verify.sh (not just relying on common.sh). Each input test function now calls _validate_timeout() to ensure the value contains only digits before use. Additionally, instead of interpolating INPUT_TEST_TIMEOUT directly into remote command strings passed to cloud_exec, the timeout value is now assigned to a single-quoted remote variable (_TIMEOUT) and referenced via "$_TIMEOUT" on the remote side. This eliminates the injection surface even if validation were somehow bypassed. Affected functions: input_test_claude(), input_test_codex(), input_test_openclaw(), input_test_zeroclaw(). Fixes #2849 Agent: security-auditor Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>		2026-03-20 19:58:52 -07:00
..
aws	docs: add missing agent entries to all cloud READMEs (#2494)	2026-03-11 05:49:50 -04:00
cli	feat(cli): add spawn uninstall command (#2724)	2026-03-17 16:33:09 -07:00
digitalocean	fix(do): skip _run_with_restart in headless mode to prevent duplicate droplets (#2805)	2026-03-19 16:12:25 -07:00
docker	feat: add junie Dockerfile for Docker image builds (#2601)	2026-03-13 19:40:51 -07:00
e2e	fix(security): prevent command injection via INPUT_TEST_TIMEOUT in verify.sh (#2851)	2026-03-20 19:58:52 -07:00
gcp	docs: add missing agent entries to all cloud READMEs (#2494)	2026-03-11 05:49:50 -04:00
hetzner	docs: add missing agent entries to all cloud READMEs (#2494)	2026-03-11 05:49:50 -04:00
local	docs: add missing agent entries to all cloud READMEs (#2494)	2026-03-11 05:49:50 -04:00
shared	feat(qa): telegram soak test on digitalocean + fix bun -e (#2547)	2026-03-12 19:45:18 -04:00
sprite	docs: add missing agent entries to all cloud READMEs (#2494)	2026-03-11 05:49:50 -04:00
test	refactor: Remove dead code and stale references (#2062)	2026-03-01 11:45:24 -05:00