vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-05-31 21:40:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
spawn/linode
History
Sprite d689f6f06c security: Add MODEL_ID input validation to prevent injection 
Added validate_model_id() function to all common.sh files to prevent
command injection via user-supplied MODEL_ID values. MODEL_ID is used
in JSON configs, shell commands, and exported to remote systems, so
validation is critical.

Validation enforces that MODEL_ID contains only safe characters:
- Letters (a-z, A-Z)
- Numbers (0-9)
- Separators: / - _ : .

Rejects dangerous characters like backticks, $(), quotes, semicolons
that could be used for command injection.

Changes:
- Added validate_model_id() to all lib/common.sh files
- Added validation calls after MODEL_ID input in all agent scripts
- Tests pass for all sprite scripts

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-07 19:52:07 +00:00
..
lib security: Add MODEL_ID input validation to prevent injection 2026-02-07 19:52:07 +00:00
aider.sh security: Add MODEL_ID input validation to prevent injection 2026-02-07 19:52:07 +00:00
claude.sh Add Linode (Akamai) as fifth cloud provider with all 6 agents (#12) 2026-02-07 09:26:31 -08:00
codex.sh Add Linode (Akamai) as fifth cloud provider with all 6 agents (#12) 2026-02-07 09:26:31 -08:00
goose.sh Add Linode (Akamai) as fifth cloud provider with all 6 agents (#12) 2026-02-07 09:26:31 -08:00
interpreter.sh Add Open Interpreter as seventh agent across all clouds (#13) 2026-02-07 09:30:27 -08:00
nanoclaw.sh Add Linode (Akamai) as fifth cloud provider with all 6 agents (#12) 2026-02-07 09:26:31 -08:00
openclaw.sh security: Add MODEL_ID input validation to prevent injection 2026-02-07 19:52:07 +00:00