Fix command injection in git clone arguments (closes #18) #29

Merged
sneak merged 1 commit from :fix/command-injection-git-clone into main 2026-02-16 06:38:30 +01:00

1 Commit

Author SHA1 Message Date
7c0278439d fix: prevent command injection in git clone arguments (closes #18)
- Validate branch names against ^[a-zA-Z0-9._/\-]+$
- Validate commit SHAs against ^[0-9a-f]{40}$
- Pass repo URL, branch, and SHA via environment variables instead of
  interpolating into shell script string
- Add comprehensive tests for validation and injection rejection
2026-02-15 21:33:02 -08:00
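
The validation and environment-variable passing described in the commit message, as an added Python example that is not the project's own code. The two patterns are the ones quoted in the commit; the names `CLONE_URL`, `CLONE_BRANCH`, `CLONE_SHA`, `validate_ref` and `run_clone_script`, the leading-hyphen check, and the `printf` stand-in for the git commands are assumptions.

```python
import os
import re
import subprocess

# Allowlist patterns quoted in the commit message.
BRANCH_RE = re.compile(r"^[a-zA-Z0-9._/\-]+$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constant script text: values are read only from quoted variables and are
# never interpolated into the script string. printf stands in for the git
# commands so the example runs offline; a real script would pass the same
# quoted variables as git arguments.
SCRIPT = r"""
set -eu
printf '%s\n' "$CLONE_URL" "$CLONE_BRANCH" "$CLONE_SHA"
"""


def validate_ref(branch, sha):
    """Raise ValueError unless branch and sha match the allowlists."""
    # fullmatch, because in Python "$" also matches before a trailing newline.
    if not BRANCH_RE.fullmatch(branch):
        raise ValueError("invalid branch name")
    # Assumption beyond the commit: the pattern admits a leading "-", which
    # could be parsed as a command-line option, so reject it as well.
    if branch.startswith("-"):
        raise ValueError("branch name must not start with '-'")
    if not SHA_RE.fullmatch(sha):
        raise ValueError("invalid commit SHA")


def run_clone_script(repo_url, branch, sha):
    """Validate, then run the fixed script with the values in its environment."""
    validate_ref(branch, sha)
    env = {
        "PATH": os.environ.get("PATH", "/usr/bin:/bin"),
        "CLONE_URL": repo_url,  # not pattern-checked: treated as data only
        "CLONE_BRANCH": branch,
        "CLONE_SHA": sha,
    }
    done = subprocess.run(["sh", "-c", SCRIPT], env=env,
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


if __name__ == "__main__":
    url = "https://example.invalid/repo.git; echo INJECTED"  # constructed input
    print(run_clone_script(url, "feature/login-fix", "a1" * 20))
```

The shell metacharacters in the constructed URL come back as literal text because the shell expands `"$CLONE_URL"` as a single quoted word and never parses its contents as script.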