ros/spec-kit
1
0
Fork 0
mirror of https://github.com/github/spec-kit.git synced 2026-03-17 19:03:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: address Copilot PR review comments (round 3)

Browse Source 
- Fix PS Resolve-Template fallback to skip dot-prefixed dirs (.cache)
- Rename _catalog to _catalog_name for consistency with extension system
- Enforce install_allowed policy in CLI preset add and download_pack()
- Fix shell injection: pass registry path via env var instead of string interpolation
This commit is contained in:
Manfred Riem
2026-03-10 17:06:34 -05:00
parent 1c143e64b1
commit 6da1375396
4 changed files with 19 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/specify_cli/presets.py
View File

@@ -1096,7 +1096,7 @@ class PresetCatalog:
try:
data = self._fetch_single_catalog(entry, force_refresh)
for pack_id, pack_data in data.get("presets", {}).items():
pack_data_with_catalog = {**pack_data, "_catalog": entry.name, "_install_allowed": entry.install_allowed}
pack_data_with_catalog = {**pack_data, "_catalog_name": entry.name, "_install_allowed": entry.install_allowed}
merged[pack_id] = pack_data_with_catalog
except PresetError:
continue
@@ -1279,6 +1279,13 @@ class PresetCatalog:
f"Preset '{pack_id}' not found in catalog"
)
if not pack_info.get("_install_allowed", True):
catalog_name = pack_info.get("_catalog_name", "unknown")
raise PresetError(
f"Preset '{pack_id}' is from the '{catalog_name}' catalog which does not allow installation. "
f"Use --from with the preset's repository URL instead."
)
download_url = pack_info.get("download_url")
if not download_url:
raise PresetError(