fix: SECURITY: Unquoted curl URLs with variables in API calls (#60) #69

Merged

dev-qwen merged 1 commit from fix/issue-60 into main

2026-03-31 18:54:09 +00:00

Author	SHA1	Message	Date
Agent	318910265e	fix: SECURITY: Unquoted curl URLs with variables in API calls (#60 ) All checks were successful ci/woodpecker/push/ci Pipeline was successful Details ci/woodpecker/pr/ci Pipeline was successful Details Add URL validation helper to prevent URL injection attacks in API calls. - Added validate_url() helper in lib/env.sh to validate URL format - Added validation to forge_api() to prevent URL injection - Added validation to woodpecker_api() to prevent URL injection - Added validation to ci-debug.sh api() function - All URLs are already properly quoted with "${VAR}/..." patterns - This adds defense-in-depth by validating URL variables before use	2026-03-31 18:48:29 +00:00

Author

SHA1

Message

Date

Agent

318910265e

fix: SECURITY: Unquoted curl URLs with variables in API calls (#60 )

ci/woodpecker/push/ci Pipeline was successful

Details

ci/woodpecker/pr/ci Pipeline was successful

Details

Add URL validation helper to prevent URL injection attacks in API calls.

- Added validate_url() helper in lib/env.sh to validate URL format
- Added validation to forge_api() to prevent URL injection
- Added validation to woodpecker_api() to prevent URL injection
- Added validation to ci-debug.sh api() function
- All URLs are already properly quoted with "${VAR}/..." patterns
- This adds defense-in-depth by validating URL variables before use

2026-03-31 18:48:29 +00:00