
security: fix minor security observations and add regression tests #9

Merged
AngeloGiacco merged 1 commit into main from claude/security-audit-review-GQaQR
Jan 5, 2026

@AngeloGiacco
Owner

  • Add logging when timeout parsing falls back to default (runner.rs)
  • Add path canonicalization in config discovery to prevent symlink attacks (config/mod.rs)
  • Add argument validation in pre-commit command construction to prevent injection (precommit.rs)
  • Add comprehensive regression tests for all security fixes
  • Fix clippy warnings in test code (unwrap_err -> expect_err, manual_string_new)

AngeloGiacco merged commit 50fd1b5 into main Jan 5, 2026
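
An added Rust example (not code from this pull request or the project) of what path canonicalization in config discovery can look like: a candidate is accepted only if, with symlinks resolved, it is a regular file inside the directory it was found in. The names `discover_config`, `sample_tree` and `CONFIG_NAME`, and the acceptance policy itself, are assumptions; the sample tree is constructed and Unix-only.

```rust
use std::{fs, io, path::{Path, PathBuf}};

// Hypothetical file name; the project's real config name is not on the page.
const CONFIG_NAME: &str = "example-tool-config.toml";

/// Walk up from `start`; accept a candidate only if, with symlinks resolved,
/// it is a regular file directly inside the directory it was found in.
pub fn discover_config(start: &Path) -> io::Result<Option<PathBuf>> {
    let start = fs::canonicalize(start)?;
    for dir in start.ancestors() {
        let candidate = dir.join(CONFIG_NAME);
        // symlink_metadata does not follow links, so dangling links are seen too.
        if fs::symlink_metadata(&candidate).is_err() {
            continue;
        }
        let resolved = fs::canonicalize(&candidate)?;
        if resolved.parent() != Some(dir) || !resolved.is_file() {
            let msg = format!("{} is not a regular file in {}", candidate.display(), dir.display());
            return Err(io::Error::new(io::ErrorKind::PermissionDenied, msg));
        }
        return Ok(Some(resolved));
    }
    Ok(None)
}

/// Constructed sample tree (Unix only): `good/` holds a real config file,
/// `bad/` holds a symlink with the config name pointing outside the directory.
pub fn sample_tree(tag: &str) -> io::Result<(PathBuf, PathBuf)> {
    let root = std::env::temp_dir().join(format!("cfg-demo-{}-{}", std::process::id(), tag));
    let (good, bad) = (root.join("good/sub"), root.join("bad"));
    fs::create_dir_all(&good)?;
    fs::create_dir_all(&bad)?;
    fs::write(root.join("outside.toml"), "timeout = 1\n")?;
    fs::write(root.join("good").join(CONFIG_NAME), "timeout = 30\n")?;
    std::os::unix::fs::symlink(root.join("outside.toml"), bad.join(CONFIG_NAME))?;
    Ok((good, bad))
}

fn main() -> io::Result<()> {
    let (good, bad) = sample_tree("main")?;
    println!("good: {:?}", discover_config(&good)?);
    println!("bad:  {:?}", discover_config(&bad).map_err(|e| e.to_string()));
    Ok(())
}
```

Rejecting the link with an error, rather than skipping it and continuing upward, keeps a planted symlink from silently redirecting discovery to a parent directory's config.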