sneak/secret
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
3fd30bb9e6cc76f03d2815db46fe0065a490d071
secret/internal
History
clawbot 3fd30bb9e6 Validate secret name in GetSecretVersion to prevent path traversal 
Add isValidSecretName() check at the top of GetSecretVersion(), matching
the existing validation in AddSecret(). Without this, crafted secret names
containing path traversal sequences (e.g. '../../../etc/passwd') could be
used to read files outside the vault directory.

Add regression tests for both GetSecretVersion and GetSecret.

Closes #13
2026-02-15 14:03:28 -08:00
..
cli
fix: remove redundant longterm.age encryption in Init command
2026-02-08 12:05:09 -08:00
secret
Merge branch 'main' into fix/issue-7
2026-02-09 02:19:56 +01:00
vault
Validate secret name in GetSecretVersion to prevent path traversal
2026-02-15 14:03:28 -08:00