Commit Graph

2506 Commits

Author SHA1 Message Date
Pedram Amini
46859165b2 fix: replace dynamic require() with top-level ES6 import
Replace dynamic require('fs').promises calls with static import statement.
This improves security, enables better tree-shaking, and follows modern
ES6 module patterns.

Changes:
- Add 'import fs from "fs/promises"' at module top
- Remove dynamic require() in fs:readDir handler (line 181)
- Remove dynamic require() in fs:readFile handler (line 192)

Completes housekeeping task #4 (CRITICAL security issue)
2025-11-23 21:02:32 -06:00
Pedram Amini
3e6ef5b66a fix: remove vulnerable execCommand method from ProcessManager
Removed the execCommand() method that used naive space-splitting for argument parsing, which could break with filenames containing spaces. Replaced its single usage in git:isRepo handler with direct call to execFileNoThrow using structured array arguments.

This change:
- Eliminates command parsing vulnerability (#2)
- Reduces attack surface by removing unnecessary abstraction
- Maintains consistency with project security patterns
- All git operations now consistently use execFileNoThrow

Fixes #2 in Housekeeping.md (CRITICAL security issue)
2025-11-23 20:49:09 -06:00
Pedram Amini
fb8f011e0e builds nicely
2025-11-23 20:41:06 -06:00
Pedram Amini
253cfc963e more ux updates
2025-11-23 19:52:29 -06:00
Pedram Amini
69db83a490 UX iterations
2025-11-23 19:40:45 -06:00
Pedram Amini
ca85ff7c48 UX prototype complete
2025-11-23 19:00:08 -06:00