This repository has been archived on 2026-03-09. You can view files and clone it. You cannot open issues or pull requests or push a commit.

Torjus Håkestad 08f1fcc6ac fix: validate target and hostname inputs to prevent injection ...

Add input validation to address security concerns:

- Validate Target field in BuildRequest against safe character pattern
  (must be "all" or match alphanumeric/dash/underscore/dot pattern)
- Filter hostnames discovered from nix flake show output, skipping any
  with invalid characters before using them in build commands

This prevents potential command injection via crafted NATS messages or
malicious flake configurations.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-10 22:07:26 +01:00

3.8 KiB

Raw Blame History

View Raw