secret

clawbot/secret

Fork 0

forked from sneak/secret

Commit Graph

Author	SHA1	Message	Date
clawbot	3fd30bb9e6	Validate secret name in GetSecretVersion to prevent path traversal Add isValidSecretName() check at the top of GetSecretVersion(), matching the existing validation in AddSecret(). Without this, crafted secret names containing path traversal sequences (e.g. '../../../etc/passwd') could be used to read files outside the vault directory. Add regression tests for both GetSecretVersion and GetSecret. Closes #13	2026-02-15 14:03:28 -08:00

Author

SHA1

Message

Date

clawbot

3fd30bb9e6

Validate secret name in GetSecretVersion to prevent path traversal

Add isValidSecretName() check at the top of GetSecretVersion(), matching
the existing validation in AddSecret(). Without this, crafted secret names
containing path traversal sequences (e.g. '../../../etc/passwd') could be
used to read files outside the vault directory.

Add regression tests for both GetSecretVersion and GetSecret.

Closes #13

2026-02-15 14:03:28 -08:00

1 Commits