This repository has been archived on 2026-03-09. You can view files and clone it. You cannot open issues or pull requests or push a commit.

Torjus Håkestad c52e88ca7e fix: add validation for config and reply subjects ...

Address medium severity security issues:

- Validate repo names in config only allow alphanumeric, dash, underscore
  (prevents NATS subject injection via dots or wildcards)
- Validate repo URLs must start with git+https://, git+ssh://, or git+file://
- Validate ReplyTo field must start with "build.responses." to prevent
  publishing responses to arbitrary NATS subjects

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-02-10 22:09:51 +01:00

2.3 KiB

Raw Blame History

View Raw