fix: address PR review security and validation issues

- Add runtime type check for worktreePath in open-in-terminal handler
- Fix Windows Terminal detection using commandExists before spawn
- Fix xterm shell injection by using sh -c with escapeShellArg
- Use loose equality for null/undefined in useEffectiveDefaultTerminal
- Consolidate duplicate imports from open-in-terminal.js
Stefan de Vogelaere
2026-01-18 15:38:54 +01:00
parent 9529afbbaa
commit 5d68e75541
5 changed files with 39 additions and 30 deletions


@@ -29,8 +29,8 @@ import {
createGetAvailableEditorsHandler,
createRefreshEditorsHandler,
} from './routes/open-in-editor.js';
import { createOpenInTerminalHandler } from './routes/open-in-terminal.js';
import {
createOpenInTerminalHandler,
createGetAvailableTerminalsHandler,
createGetDefaultTerminalHandler,
createRefreshTerminalsHandler,


@@ -32,10 +32,10 @@ export function createOpenInTerminalHandler() {
worktreePath: string;
};
if (!worktreePath) {
if (!worktreePath || typeof worktreePath !== 'string') {
res.status(400).json({
success: false,
error: 'worktreePath required',
error: 'worktreePath required and must be a string',
});
return;
}