From de900ac185ec2ee56c69d83a3feb583272933373 Mon Sep 17 00:00:00 2001
From: B <6723574+louisgv@users.noreply.github.com>
Date: Sat, 28 Mar 2026 07:29:38 +0000
Subject: [PATCH] fix(security): add base64 validation for GitHub token before shell interpolation

The base64-encoded GitHub token in offerGithubAuth() was passed to shellQuote() without the same base64 character validation applied to other base64 values elsewhere in the file (wrapperB64, unitB64, timerB64). While shellQuote() already provides adequate protection, this adds the same defense-in-depth guard for consistency.

Fixes #3079

Agent: security-auditor

Co-Authored-By: Claude Sonnet 4.5
---
 packages/cli/package.json | 2 +-
 packages/cli/src/shared/agent-setup.ts | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/packages/cli/package.json b/packages/cli/package.json
index be1e999f..c6092d7d 100644
--- a/packages/cli/package.json
+++ b/packages/cli/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@openrouter/spawn",
- "version": "0.27.6",
+ "version": "0.27.7",
 "type": "module",
 "bin": {
 "spawn": "cli.js"
diff --git a/packages/cli/src/shared/agent-setup.ts b/packages/cli/src/shared/agent-setup.ts
index a7ed108b..af65880d 100644
--- a/packages/cli/src/shared/agent-setup.ts
+++ b/packages/cli/src/shared/agent-setup.ts
@@ -299,6 +299,9 @@ export async function offerGithubAuth(runner: CloudRunner, explicitlyRequested?:
 let ghCmd = "curl --proto '=https' -fsSL https://openrouter.ai/labs/spawn/shared/github-auth.sh | bash";
 if (githubToken) {
 const tokenB64 = Buffer.from(githubToken).toString("base64");
+ if (!/^[A-Za-z0-9+/=]+$/.test(tokenB64)) {
+ throw new Error("Unexpected characters in base64 output");
+ }
 ghCmd = `export GITHUB_TOKEN=$(printf '%s' ${shellQuote(tokenB64)} | base64 -d) && ${ghCmd}`;
 }
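Review bot: The three added lines can never fire — `Buffer#toString("base64")` only ever emits characters in `[A-Za-z0-9+/=]`, so the guard is dead code that reads as protection it does not provide, while the real exposure in this block is left as it was: the base64 form of the token is interpolated into `ghCmd`, which presumably becomes the remote command line, where anything able to read process arguments or shell history can decode it, base64 being an encoding and not secrecy. If CloudRunner offers a way to set an environment variable or feed stdin, the token should travel that way rather than being baked into the command string; at minimum the encoding step deserves a comment such as `// base64 only makes the token safe to interpolate; it is NOT secrecy — the value is recoverable from the remote command line`. The `curl … | bash` fetch on the first context line is pre-existing and unpinned, which is outside what this commit changes but worth a follow-up. The hunk header promises nine lines on the new side and only eight are visible, so the trailing context line appears cut off, and offerGithubAuth itself begins before and ends after this hunk.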