Merge branch 'main' of github.com:AutoMaker-Org/automaker into improve-context-page

2026-02-03 08:53:36 +00:00 · 2025-12-22 00:50:55 -05:00
parent 398f7b8fdd 95bcd9a7ec
commit 35cda4eb8c
501 changed files with 17637 additions and 17437 deletions
--- a/apps/server/src/index.ts
+++ b/apps/server/src/index.ts
@@ -299,11 +299,34 @@ terminalWss.on('connection', (ws: WebSocket, req: import('http').IncomingMessage

      switch (msg.type) {
        case 'input':
+          // Validate input data type and length
+          if (typeof msg.data !== 'string') {
+            ws.send(JSON.stringify({ type: 'error', message: 'Invalid input type' }));
+            break;
+          }
+          // Limit input size to 1MB to prevent memory issues
+          if (msg.data.length > 1024 * 1024) {
+            ws.send(JSON.stringify({ type: 'error', message: 'Input too large' }));
+            break;
+          }
          // Write user input to terminal
          terminalService.write(sessionId, msg.data);
          break;

        case 'resize':
+          // Validate resize dimensions are positive integers within reasonable bounds
+          if (
+            typeof msg.cols !== 'number' ||
+            typeof msg.rows !== 'number' ||
+            !Number.isInteger(msg.cols) ||
+            !Number.isInteger(msg.rows) ||
+            msg.cols < 1 ||
+            msg.cols > 1000 ||
+            msg.rows < 1 ||
+            msg.rows > 500
+          ) {
+            break; // Silently ignore invalid resize requests
+          }
          // Resize terminal with deduplication and rate limiting
          if (msg.cols && msg.rows) {
            const now = Date.now();