@claudetools/tools 0.2.1 → 0.2.2
|
@@ -85,15 +85,21 @@ async function ensureSystemRegistered() {
|
|
|
85
85
|
*/
|
|
86
86
|
function detectGitRemote(localPath) {
|
|
87
87
|
try {
|
|
88
|
+
// Resolve symlinks and validate path to prevent path traversal attacks
|
|
89
|
+
const resolvedPath = fs.realpathSync(localPath);
|
|
90
|
+
// Ensure path is absolute and doesn't contain path traversal
|
|
91
|
+
if (!path.isAbsolute(resolvedPath) || resolvedPath.includes('..')) {
|
|
92
|
+
return undefined;
|
|
93
|
+
}
|
|
88
94
|
const gitRemote = execSync('git config --get remote.origin.url', {
|
|
89
|
-
cwd:
|
|
95
|
+
cwd: resolvedPath,
|
|
90
96
|
encoding: 'utf-8',
|
|
91
97
|
stdio: ['pipe', 'pipe', 'ignore'],
|
|
92
98
|
}).trim();
|
|
93
99
|
return gitRemote || undefined;
|
|
94
100
|
}
|
|
95
101
|
catch {
|
|
96
|
-
// Not a git repo
|
|
102
|
+
// Not a git repo, no remote configured, or invalid path
|
|
97
103
|
return undefined;
|
|
98
104
|
}
|
|
99
105
|
}
|
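Review bot: The guard added after `fs.realpathSync(localPath)` in detectGitRemote does not do what its comment claims. realpathSync already returns an absolute, canonical path, so `!path.isAbsolute(resolvedPath)` can never be true, and `resolvedPath.includes('..')` only matches directory names that literally contain two dots (a folder named `my..repo`, say), which then silently lose remote detection. No base directory is compared, so any existing directory the caller names is still accepted as `cwd` for git. If containment is intended, test it against a root, e.g. `const rel = path.relative(allowedRoot, resolvedPath);` followed by `if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) return undefined;`, where `allowedRoot` is a placeholder for whatever base the tool trusts; otherwise drop the check and reword the comment to say the call only canonicalises the path. The hunk does not show whether `fs` and `path` are imported in this file.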
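--- a/package/dist/setup.js
+++ b/package/dist/setup.js
@@ -728,7 +728,7 @@ export async function runSetup() {
 // Step 1: Authentication
 header('Authentication');
 if (config.apiKey) {
-info(`Existing API key found: ${config.apiKey.substring(0,
+info(`Existing API key found: ${config.apiKey.substring(0, 6)}...`);
 const { replace } = await prompts({
 type: 'confirm',
 name: 'replace',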
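Review bot: The new `info(...)` line still echoes key material: `config.apiKey.substring(0, 6)` prints six leading characters of the secret to the terminal, and for a stored value of six characters or fewer it prints the whole value followed by `...`. Those characters may be a fixed non-secret prefix, but nothing in the hunk shows that, so a length guard is worth adding, e.g. `const shown = config.apiKey.length > 12 ? config.apiKey.slice(0, 4) : '';`, with `shown` interpolated in place of the substring call. The removed line is cut off on this page, so the previous prefix length cannot be compared. runSetup starts and ends outside the hunk.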