feat: Add git log parsing and rebase endpoint with input validation

2026-03-22 23:53:08 +00:00 · 2026-02-18 00:31:31 -08:00
parent e6e04d57bc
commit d30296d559
42 changed files with 2826 additions and 376 deletions
--- a/apps/server/src/services/worktree-service.ts
+++ b/apps/server/src/services/worktree-service.ts
@@ -63,6 +63,14 @@ export class WorktreeService {
    for (const relativePath of copyFiles) {
      // Security: prevent path traversal
      const normalized = path.normalize(relativePath);
+      if (normalized === '' || normalized === '.') {
+        const reason = 'Suspicious path rejected (empty or current-dir)';
+        emitter.emit('worktree:copy-files:skipped', {
+          path: relativePath,
+          reason,
+        });
+        continue;
+      }
      if (normalized.startsWith('..') || path.isAbsolute(normalized)) {
        const reason = 'Suspicious path rejected (traversal or absolute)';
        emitter.emit('worktree:copy-files:skipped', {