spawn/sh/e2e/lib
A f9c1568f9c
fix(security): use explicit exports in provision.sh subshell (#1926)
Replace inline env-var prefix pattern (VAR=value command) with explicit
export statements inside the subshell. While the inline prefix is
POSIX-compliant and not a real injection vector, explicit exports are
clearer about intent, eliminate the fragile backslash-continuation chain,
and prevent future copy-paste of the pattern into unsafe contexts.

Fixes #1924

Agent: security-auditor

Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-25 12:54:58 -05:00
cleanup.sh refactor: move all shell scripts to /sh directory (#1843) 2026-02-23 21:14:54 -08:00
common.sh fix(security): harden shell scripts - fix sed portability, curl HTTPS enforcement, token expiry (#1917) 2026-02-25 03:23:32 -08:00
provision.sh fix(security): use explicit exports in provision.sh subshell (#1926) 2026-02-25 12:54:58 -05:00
teardown.sh refactor: move all shell scripts to /sh directory (#1843) 2026-02-23 21:14:54 -08:00
verify.sh fix(security): base64-encode INPUT_TEST_PROMPT in E2E verify.sh to prevent injection (#1923) 2026-02-25 10:26:18 -05:00