spawn

vrr/spawn

mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-06-01 06:09:53 +00:00

History

Sprite d689f6f06c security: Add MODEL_ID input validation to prevent injection Added validate_model_id() function to all common.sh files to prevent command injection via user-supplied MODEL_ID values. MODEL_ID is used in JSON configs, shell commands, and exported to remote systems, so validation is critical. Validation enforces that MODEL_ID contains only safe characters: - Letters (a-z, A-Z) - Numbers (0-9) - Separators: / - _ : . Rejects dangerous characters like backticks, $(), quotes, semicolons that could be used for command injection. Changes: - Added validate_model_id() to all lib/common.sh files - Added validation calls after MODEL_ID input in all agent scripts - Tests pass for all sprite scripts Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-07 19:52:07 +00:00
..
common.sh	security: Add MODEL_ID input validation to prevent injection	2026-02-07 19:52:07 +00:00

Sprite d689f6f06c security: Add MODEL_ID input validation to prevent injection

Added validate_model_id() function to all common.sh files to prevent
command injection via user-supplied MODEL_ID values. MODEL_ID is used
in JSON configs, shell commands, and exported to remote systems, so
validation is critical.

Validation enforces that MODEL_ID contains only safe characters:
- Letters (a-z, A-Z)
- Numbers (0-9)
- Separators: / - _ : .

Rejects dangerous characters like backticks, $(), quotes, semicolons
that could be used for command injection.

Changes:
- Added validate_model_id() to all lib/common.sh files
- Added validation calls after MODEL_ID input in all agent scripts
- Tests pass for all sprite scripts

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-07 19:52:07 +00:00

common.sh

security: Add MODEL_ID input validation to prevent injection

2026-02-07 19:52:07 +00:00