mirror of
https://github.com/jlengrand/Maestro.git
synced 2026-03-10 08:31:19 +00:00
3e6ef5b66a
Removed the execCommand() method that used naive space-splitting for argument parsing, which could break with filenames containing spaces. Replaced its single usage in git:isRepo handler with direct call to execFileNoThrow using structured array arguments. This change: - Eliminates command parsing vulnerability (#2) - Reduces attack surface by removing unnecessary abstraction - Maintains consistency with project security patterns - All git operations now consistently use execFileNoThrow Fixes #2 in Housekeeping.md (CRITICAL security issue)
15 lines
416 B
Bash
Executable File
15 lines
416 B
Bash
Executable File
#!/bin/sh
|
|
|
|
TASKS_BEFORE=$(grep "\- \[ \]" ./tmp/HOUSEKEEPING.md | wc -l)
|
|
|
|
if [ "$TASKS_BEFORE" -eq 0 ]; then
|
|
echo "no tasks remaining in document, exiting..."
|
|
exit 0
|
|
fi
|
|
|
|
PROMPT=$(cat ./tmp/housekeeping.prompt)
|
|
RESPONSE=$(claude --dangerously-skip-permissions -p "$PROMPT")
|
|
echo "$RESPONSE"
|
|
TASKS_AFTER=$(grep "\- \[ \]" ./tmp/HOUSEKEEPING.md | wc -l)
|
|
echo "Tasks before $TASKS_BEFORE and after $TASKS_AFTER"
|