nthfuncx/nanoclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix: block group folder path escapes

Browse Source
This commit is contained in:
Lawyered
2026-02-22 11:36:06 -05:00
committed by gavrielc
parent de64dab3e9
commit c6391cceb1
9 changed files with 186 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/ipc.ts
View File

@@ -11,6 +11,7 @@ import {
} from './config.js';
import { AvailableGroup } from './container-runner.js';
import { createTask, deleteTask, getTaskById, updateTask } from './db.js';
import { isValidGroupFolder } from './group-folder.js';
import { logger } from './logger.js';
import { RegisteredGroup } from './types.js';
@@ -357,6 +358,13 @@ export async function processTaskIpc(
break;
}
if (data.jid && data.name && data.folder && data.trigger) {
if (!isValidGroupFolder(data.folder)) {
logger.warn(
{ sourceGroup, folder: data.folder },
'Invalid register_group request - unsafe folder name',
);
break;
}
deps.registerGroup(data.jid, {
name: data.name,
folder: data.folder,