Commits on Mar 26, 2026

1. Reject VariableNames/MemberKeys in validator, add security test coverage …

   - Validator now explicitly rejects ${!prefix@} and ${!name[@]} instead of
     silently passing them through to the executor's catch-all
   - Add tests for ANSI-C quoting, brace expansion, indirect expansion,
     here-documents, and here-strings
   - Document --inherit-env and --allow-redirects security implications
   - Extract assert_rejected_with() test helper to reduce boilerplate
   - Pin mise tool versions
   
   Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

   

   rammie and claude committed Mar 26, 2026
   Configuration menu

   • View commit details
   • Copy full SHA for d629bd1
   • Browse repository at this point

   Copy the full SHA

   d629bd1 View commit details

   Browse the repository at this point in the history

2. Strip LD_PRELOAD/DYLD vars in --inherit-env, add substitution depth g… …

   …uard
   
   Security hardening from audit:
   
   - Strip LD_PRELOAD, LD_LIBRARY_PATH, LD_AUDIT, DYLD_INSERT_LIBRARIES,
     DYLD_FRAMEWORK_PATH, DYLD_LIBRARY_PATH even in --inherit-env mode to
     prevent arbitrary code injection via dynamic linker
   - Add substitution depth cap (16) in both validator and executor to
     prevent stack overflow from deeply nested $(...) (DoS)
   - Return error for arithmetic expansion $((...)) instead of silent empty
   - Add test coverage for sed path traversal, input redirects, compound
     redirects, and nested command substitution
   
   Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

   

   rammie and claude committed Mar 26, 2026
   Configuration menu

   • View commit details
   • Copy full SHA for 1e05c1a
   • Browse repository at this point

   Copy the full SHA

   1e05c1a View commit details

   Browse the repository at this point in the history