fix(cli): avoid shell execution in module installs #34

Merged: ralyodio merged 1 commit into profullstack:master from rissrice2105-agent:fix/modules-install-safe-exec on Jun 27, 2026

@rissrice2105-agent

Contributor

Summary

  • run module install commands with execFileSync argument arrays instead of shell strings
  • validate module directory names before writing under the modules directory
  • reject tarballs with absolute paths or parent-directory traversal entries before extraction

Tests

  • corepack pnpm --filter @profullstack/threatcrush build

@ralyodio merged commit 0c9cfa3 into profullstack:master on Jun 27, 2026
9 checks passed
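
The three checks listed in the summary above, sketched as an added example (not code from this pull request or from the threatcrush repository). The function names, the module-name pattern and the sample inputs are assumptions.

```javascript
// Added example; names, the allow-list pattern and sample inputs are assumptions.
const { execFileSync } = require("node:child_process");
const path = require("node:path");

// Hypothetical allow-list: a single path segment, no dots or separators.
const MODULE_NAME = /^[a-z0-9][a-z0-9_-]{0,63}$/;

// Map a module name to its directory, refusing anything outside modulesRoot.
function resolveModuleDir(modulesRoot, name) {
  if (typeof name !== "string" || !MODULE_NAME.test(name)) {
    throw new Error(`invalid module name: ${JSON.stringify(name)}`);
  }
  const root = path.resolve(modulesRoot);
  const target = path.resolve(root, name);
  // Defence in depth: the result must be a direct child of the root.
  if (path.dirname(target) !== root) {
    throw new Error("module path escapes modules directory");
  }
  return target;
}

// True when an archive entry name is absolute or contains a ".." segment.
function isUnsafeTarEntry(entry) {
  const name = entry.replace(/\\/g, "/");
  if (name.startsWith("/") || /^[A-Za-z]:/.test(name)) return true;
  return name.split("/").includes("..");
}

// Takes a newline-separated entry listing and returns the entries to reject.
function findUnsafeEntries(listing) {
  return listing.split("\n").filter((e) => e !== "" && isUnsafeTarEntry(e));
}

// List the archive with an argument array (no shell) and refuse it before extraction.
function assertSafeTarball(tarball) {
  const listing = execFileSync("tar", ["-tzf", tarball], { encoding: "utf8" });
  const bad = findUnsafeEntries(listing);
  if (bad.length > 0) throw new Error(`unsafe tar entries: ${bad.join(", ")}`);
}

// Shows that execFileSync hands an argument to the child verbatim:
// the child (this Node binary) echoes back what it received.
function echoThroughExecFile(arg) {
  const script = "process.stdout.write(process.argv[1])";
  return execFileSync(process.execPath, ["-e", script, arg], { encoding: "utf8" });
}
```

`assertSafeTarball` needs a `tar` binary on the PATH; the other functions have no external dependencies.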