core/cli
8
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions 1
cli/internal/bugseti
History
Athena f28259bb13 fix(bugseti): sanitize shell metacharacters in seeder env vars 
SanitizeEnv() only removed control characters but not shell
metacharacters. A malicious repo name could execute arbitrary commands
via environment variable injection (e.g. backticks, $(), semicolons).

Add stripShellMeta() to strip backticks, dollar signs, semicolons,
pipes, ampersands, and other shell-significant characters from values
passed to the bash seed script environment.

Fixes #59

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 05:53:52 +00:00
..
updater feat: BugSETI app, WebSocket hub, browser automation, and MCP tools (#336) 2026-02-05 17:22:05 +00:00
config.go fix(bugseti): update config file permissions to 0600 2026-02-16 05:53:52 +00:00
config_test.go fix(bugseti): update config file permissions to 0600 2026-02-16 05:53:52 +00:00
ethics_guard.go fix(bugseti): sanitize shell metacharacters in seeder env vars 2026-02-16 05:53:52 +00:00
ethics_guard_test.go fix(bugseti): sanitize shell metacharacters in seeder env vars 2026-02-16 05:53:52 +00:00
fetcher.go feat: BugSETI app, WebSocket hub, browser automation, and MCP tools (#336) 2026-02-05 17:22:05 +00:00
fetcher_test.go fix(bugseti): add comprehensive tests for FetcherService (#60) 2026-02-16 05:53:52 +00:00
ghcheck.go fix(bugseti): add gh CLI availability check with helpful error 2026-02-16 05:53:52 +00:00
ghcheck_test.go fix(bugseti): add gh CLI availability check with helpful error 2026-02-16 05:53:52 +00:00
go.mod fix(bugseti): add comprehensive tests for FetcherService (#60) 2026-02-16 05:53:52 +00:00
go.sum feat(bugseti): integrate marketplace MCP 2026-02-05 21:36:33 +00:00
mcp_marketplace.go feat(bugseti): add marketplace MCP root 2026-02-05 22:07:24 +00:00
notify.go feat(bugseti): add marketplace MCP root 2026-02-05 22:07:24 +00:00
queue.go fix(bugseti): acquire mutex in NewQueueService before load() 2026-02-16 05:53:52 +00:00
seeder.go fix(bugseti): add mutex protection to seeder concurrent access 2026-02-16 05:53:52 +00:00
seeder_test.go feat(bugseti): integrate marketplace MCP 2026-02-05 21:36:33 +00:00
stats.go feat: BugSETI app, WebSocket hub, browser automation, and MCP tools (#336) 2026-02-05 17:22:05 +00:00
submit.go fix(bugseti): handle silent git fetch failure in submit.go 2026-02-16 05:53:52 +00:00
version.go feat: BugSETI app, WebSocket hub, browser automation, and MCP tools (#336) 2026-02-05 17:22:05 +00:00