clawbot/secret
1
0
Fork 0
forked from sneak/secret
Code Pull Requests Activity
3fd30bb9e6
secret/internal/vault
History
clawbot 3fd30bb9e6 Validate secret name in GetSecretVersion to prevent path traversal 
Add isValidSecretName() check at the top of GetSecretVersion(), matching
the existing validation in AddSecret(). Without this, crafted secret names
containing path traversal sequences (e.g. '../../../etc/passwd') could be
used to read files outside the vault directory.

Add regression tests for both GetSecretVersion and GetSecret.

Closes #13
2026-02-15 14:03:28 -08:00
..
integration_test.go Switch from relative paths to bare names in pointer files 2025-12-23 13:43:10 +07:00
integration_version_test.go uses protected memory buffers now for all secrets in ram 2025-07-15 08:32:33 +02:00
management.go Switch from relative paths to bare names in pointer files 2025-12-23 13:43:10 +07:00
metadata_test.go fix: resolve exported type stuttering issues (revive) 2025-06-20 12:47:06 -07:00
metadata.go fix: resolve all revive linter issues 2025-07-15 06:06:48 +02:00
path_traversal_test.go Validate secret name in GetSecretVersion to prevent path traversal 2026-02-15 14:03:28 -08:00
secrets_version_test.go uses protected memory buffers now for all secrets in ram 2025-07-15 08:32:33 +02:00
secrets.go Validate secret name in GetSecretVersion to prevent path traversal 2026-02-15 14:03:28 -08:00
unlockers.go Switch from relative paths to bare names in pointer files 2025-12-23 13:43:10 +07:00
vault_error_test.go Replace symlinks with plain files containing relative paths 2025-12-23 11:53:28 +07:00
vault_test.go fix: NumSecrets() now correctly counts secrets by checking for current file 2026-02-08 12:04:15 -08:00
vault.go fix: NumSecrets() now correctly counts secrets by checking for current file 2026-02-08 12:04:15 -08:00