didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

test(git-gate): shell-escaping regression tests (issue #159) #167

Closed
didericis-claude wants to merge 2 commits from regression/issue-159-shell-escaping into main
pull from: regression/issue-159-shell-escaping
merge into: didericis:main
Conversation 0 Commits 2 Files Changed 4
+208 -11

2 Commits

Author SHA1 Message Date
didericis-claude 87b4c6d943 test(git-gate): add shell-escaping regression tests (issue #159)
test / unit (pull_request) Successful in 53s
Details
test / integration (pull_request) Successful in 59s
Details 
Cover all six pathological character classes (single-quote,
double-quote, space, semicolon, newline, backtick) in both
upstream URL and name positions.  Each case validates rendered
output via `sh -n` and asserts the original value is preserved
verbatim after shlex.quote encoding.  Also add `sh -n` smoke
tests for the static pre-receive and access-hook scripts.
 2026-06-03 14:45:56 +00:00
didericis-claude c4903c368a fix(security): harden git_gate.py shell rendering with shlex.quote and name validation
test / unit (pull_request) Successful in 32s
Details
test / integration (pull_request) Successful in 41s
Details 
Use shlex.quote() on name and upstream_url in git_gate_render_entrypoint()
so special characters (single quotes, spaces, semicolons) cannot break or
inject into the generated sh script.

Add _GIT_NAME_RE validation in GitEntry.from_repos_entry() to restrict
repo names to [A-Za-z0-9._-]+, making the manifest the first line of
defence and shlex.quote() the belt-and-suspenders backstop.

Closes #155
 2026-06-03 04:35:51 +00:00