mirror of
https://github.com/OpenRouterTeam/spawn.git
synced 2026-05-06 08:10:48 +00:00
Hostinger: HOSTINGER_OS_TEMPLATE was interpolated into Python code without validation, allowing Python code injection via env var. Added validate_resource_name check.

Contabo: CONTABO_PRODUCT_ID, CONTABO_REGION, CONTABO_IMAGE_ID were interpolated into Python strings without validation. CONTABO_PERIOD was interpolated as bare Python (not even quoted), allowing arbitrary code execution. Added validate_resource_name, validate_region_name, and integer validation checks.

Agent: security-auditor
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
| File |
|---|
| common.sh |
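
The kind of check the commit message above describes, as an added example that is not the project's own code: each value is validated against an allow-list and then passed to Python through the environment, so it is never part of the Python source. The validator names come from the commit message; their bodies, the length limits, `validate_positive_int`, `contabo_body` and the JSON field names are assumptions.

```shell
#!/bin/sh
# Hypothetical validators: names follow the commit message, bodies are assumptions.

# Letters, digits, dot, underscore, hyphen only; 1-64 characters.
validate_resource_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Regions use a narrower alphabet; 1-32 characters.
validate_region_name() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Positive decimal integer: digits only, no leading zero, at most 4 digits.
validate_positive_int() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 4 ]
}

# Build a request body (illustrative field names). The values are validated,
# then handed to Python as environment variables: the Python source is a fixed
# single-quoted string, so no value is ever parsed as code.
contabo_body() {
    validate_resource_name "$CONTABO_PRODUCT_ID" || { echo "bad CONTABO_PRODUCT_ID" >&2; return 1; }
    validate_region_name   "$CONTABO_REGION"     || { echo "bad CONTABO_REGION" >&2; return 1; }
    validate_resource_name "$CONTABO_IMAGE_ID"   || { echo "bad CONTABO_IMAGE_ID" >&2; return 1; }
    validate_positive_int  "$CONTABO_PERIOD"     || { echo "bad CONTABO_PERIOD" >&2; return 1; }
    P="$CONTABO_PRODUCT_ID" R="$CONTABO_REGION" I="$CONTABO_IMAGE_ID" N="$CONTABO_PERIOD" \
    python3 -c '
import json, os
print(json.dumps({"productId": os.environ["P"], "region": os.environ["R"],
                  "imageId": os.environ["I"], "period": int(os.environ["N"])}))'
}
```

Validation and environment passing are independent layers: either one alone stops a value such as `1 or 1` in `CONTABO_PERIOD` from being evaluated as Python.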