fix(security): eliminate shell injection and add input validation
Replace unsafe string interpolation in aria2 RPC JSON construction with jq --arg for proper escaping. Add magnet URL format validation to reject arbitrary input. Refactor detect-client.sh JSON output to use jq. Add CI security check to prevent regression. Resolves VirusTotal "Suspicious" classification caused by the shell injection vulnerability in add-torrent.sh.
This commit is contained in:
Deivid Soto
parent
5d409c4a66
commit
d3d6c702ed
6 changed files with 73 additions and 25 deletions
|
|
@ -1,6 +1,6 @@
|
|||
# torrentclaw-skill
|
||||
|
||||
**Version:** 0.1.13
|
||||
**Version:** 0.1.16
|
||||
**License:** MIT
|
||||
**Homepage:** https://torrentclaw.com
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue