vrr/spawn
2
0
Fork 0
mirror of https://github.com/OpenRouterTeam/spawn.git synced 2026-04-28 11:59:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
spawn/sh/e2e/lib/clouds
History
A 6fda75ccc8
security: validate base64 output in cloud_exec and soak.sh (defense-in-depth) (#2532) 
Add base64 character validation ([A-Za-z0-9+/=]) before use in SSH
command strings for gcp.sh, aws.sh, and hetzner.sh cloud_exec
functions -- matching the existing fix in digitalocean.sh (#2528).

Also add a validated _encode_b64 helper to soak.sh and use it for
all Telegram bot token encoding, preventing corrupted base64 from
breaking out of single-quoted SSH command strings.

Closes #2527

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-12 09:32:48 -04:00
..
aws.sh security: validate base64 output in cloud_exec and soak.sh (defense-in-depth) (#2532) 2026-03-12 09:32:48 -04:00
digitalocean.sh security: validate base64 in digitalocean.sh SSH exec (defense-in-depth) (#2528) 2026-03-12 08:16:48 -04:00
gcp.sh security: validate base64 output in cloud_exec and soak.sh (defense-in-depth) (#2532) 2026-03-12 09:32:48 -04:00
hetzner.sh security: validate base64 output in cloud_exec and soak.sh (defense-in-depth) (#2532) 2026-03-12 09:32:48 -04:00
sprite.sh fix: harden Sprite exec against injection via org flags and grep patterns (#2446) 2026-03-10 10:08:17 -07:00