everything-claude-code

elias/everything-claude-code

Fork 0

mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-06-16 16:36:53 +08:00

Commit Graph

Author	SHA1	Message	Date
OrbisAI Security	cf59d0d283	fix: sanitize subprocess call in runner.py (#2149 ) * fix: V-001 security vulnerability Automated security fix generated by OrbisAI Security * fix: sanitize subprocess call in runner.py The runner * fix: address PR review comments on V-001 allowlist and test coverage Remove dangerous interpreters (python, python3, node, curl, wget) from ALLOWED_SETUP_EXECUTABLES — they can execute arbitrary code via argument flags and are not needed for sandbox setup. Rewrite test_invariant_runner to call _setup_sandbox directly instead of spawning runner.py as a subprocess (which had no __main__ entrypoint and never exercised the fix). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-15 13:49:45 -04:00

Author

SHA1

Message

Date

OrbisAI Security

cf59d0d283

fix: sanitize subprocess call in runner.py (#2149 )

* fix: V-001 security vulnerability

Automated security fix generated by OrbisAI Security

* fix: sanitize subprocess call in runner.py

The runner

* fix: address PR review comments on V-001 allowlist and test coverage

Remove dangerous interpreters (python, python3, node, curl, wget) from
ALLOWED_SETUP_EXECUTABLES — they can execute arbitrary code via argument
flags and are not needed for sandbox setup. Rewrite test_invariant_runner
to call _setup_sandbox directly instead of spawning runner.py as a
subprocess (which had no __main__ entrypoint and never exercised the fix).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-06-15 13:49:45 -04:00

1 Commits