disinto/lib
Agent 318910265e
fix: SECURITY: Unquoted curl URLs with variables in API calls (#60)
Add URL validation helper to prevent URL injection attacks in API calls.

- Added validate_url() helper in lib/env.sh to validate URL format
- Added validation to forge_api() to prevent URL injection
- Added validation to woodpecker_api() to prevent URL injection
- Added validation to ci-debug.sh api() function
- All URLs are already properly quoted with "${VAR}/..." patterns
- This adds defense-in-depth by validating URL variables before use
2026-03-31 18:48:29 +00:00
hooks fix: Remove Matrix integration — notifications move to forge + OpenClaw (#732) 2026-03-26 14:53:56 +00:00
agent-sdk.sh feat: nudge model when it stops without pushing 2026-03-29 07:45:58 +00:00
agent-session.sh fix: Remove Matrix integration — notifications move to forge + OpenClaw (#732) 2026-03-26 14:53:56 +00:00
AGENTS.md fix: refactor: rename vault-runner → runner and vault-run → run (#43) 2026-03-29 12:43:18 +00:00
build-graph.py fix: use undirected reachability for reviewer affected-objectives tracing 2026-03-24 21:31:55 +00:00
ci-debug.sh fix: SECURITY: Unquoted curl URLs with variables in API calls (#60) 2026-03-31 18:48:29 +00:00
ci-helpers.sh fix: Vault-gated deployment promotion via Woodpecker environments (#755) 2026-03-26 17:16:39 +00:00
env.sh fix: SECURITY: Unquoted curl URLs with variables in API calls (#60) 2026-03-31 18:48:29 +00:00
file-action-issue.sh fix: Replace Codeberg dependency with local Forgejo instance (#611) 2026-03-23 16:57:12 +00:00
formula-session.sh fix: guard cd in formula_worktree_setup with || return (SC2164) 2026-03-28 13:16:29 +00:00
guard.sh fix: fix: check_active guard should log to stderr when skipping — silent agent dropout on missing state file (#663) 2026-03-25 08:00:29 +00:00
issue-lifecycle.sh fix: SECURITY: Replace eval usage with safer alternatives (#59) 2026-03-31 18:21:55 +00:00
load-project.sh fix: disinto init: project TOML uses localhost forge_url, breaks agents container (#782) 2026-03-27 16:13:59 +00:00
mirrors.sh fix: SECURITY: Replace eval usage with safer alternatives (#59) 2026-03-31 18:21:55 +00:00
parse-deps.sh fix: parse-deps.sh inline regex matches every line — awk /pattern/i flag is invalid (#600) 2026-03-23 10:59:47 +00:00
pr-lifecycle.sh fix: Extract lib/pr-lifecycle.sh — walk-PR-to-merge library (#795) 2026-03-27 18:01:06 +00:00
secret-scan.sh fix: Replace Codeberg dependency with local Forgejo instance (#611) 2026-03-23 16:57:12 +00:00
tea-helpers.sh fix: tea_relabel uses edit subcommand, add sha256 checksum for tea binary (#666) 2026-03-25 13:34:58 +00:00
worktree.sh fix: Extract lib/worktree.sh — create, recover, cleanup (#797) 2026-03-27 19:06:31 +00:00