Fix: Security, reliability, and code quality improvements from PR review
Critical Security Fixes: - Fix command injection vulnerability in Windows shims (beadboard.cmd, bb.cmd) - Added path validation to block traversal (.. and root-relative paths) - Added quotes around env var to prevent command injection Reliability Fixes: - Fix agent cache null safety bug - Fixed callBdAgentShow() to check for cache misses (null check, expiration) - Fixed getCachedAgent to properly return entry.data or null - Fix null body crashes in mail ack route - Added null check before casting body to object - Returns 400 error instead of 500 for invalid requests BD Compliance Fixes: - Fix read-issues to use BD audit record path - Ensures all writes go through bd audit record - Maintains watcher/SSE parity and Dolt commit tracking Code Quality Fixes: - Fix path canonicalization violations - Use canonicalizeWindowsPath() and windowsPathKey() from pathing module - Prevents Windows edge cases and ensures machine-reproducible paths - Fix typo: mobile-fronted → mobile-frontend - Pin GitHub Actions tags - softprops/action-gh-release@v1 → specific commit hash - Register pr14 test in package.json (already registered) Testing: - Refactor broad exception handlers in Python scripts - Replace except Exception: with specific exceptions - Allows KeyboardInterrupt and SystemExit to propagate correctly - All tests passing
parent
d54e4f3311
commit
ce4700849b
15 changed files with 2995 additions and 756 deletions
|
|
@ -60,44 +60,44 @@ def infer_project_name(project_dir: Path) -> str:
|
|||
data = json.loads(package_json.read_text())
|
||||
if name := data.get("name"):
|
||||
return name.replace("-", " ").replace("_", " ").title()
|
||||
except (json.JSONDecodeError, KeyError):
|
||||
pass
|
||||
|
||||
# Try pyproject.toml (Python)
|
||||
if tomllib:
|
||||
pyproject = project_dir / "pyproject.toml"
|
||||
if pyproject.exists():
|
||||
try:
|
||||
data = tomllib.loads(pyproject.read_text())
|
||||
if name := data.get("project", {}).get("name"):
|
||||
return name.replace("-", " ").replace("_", " ").title()
|
||||
if name := data.get("tool", {}).get("poetry", {}).get("name"):
|
||||
return name.replace("-", " ").replace("_", " ").title()
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
# Try Cargo.toml (Rust)
|
||||
cargo = project_dir / "Cargo.toml"
|
||||
if cargo.exists():
|
||||
try:
|
||||
data = tomllib.loads(cargo.read_text())
|
||||
if name := data.get("package", {}).get("name"):
|
||||
return name.replace("-", " ").replace("_", " ").title()
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
# Try go.mod (Go)
|
||||
go_mod = project_dir / "go.mod"
|
||||
if go_mod.exists():
|
||||
try:
|
||||
content = go_mod.read_text()
|
||||
for line in content.splitlines():
|
||||
if line.startswith("module "):
|
||||
module_path = line.split()[1]
|
||||
name = module_path.split("/")[-1]
|
||||
return name.replace("-", " ").replace("_", " ").title()
|
||||
except Exception:
|
||||
pass
|
||||
except (json.JSONDecodeError, KeyError, OSError):
|
||||
pass
|
||||
|
||||
# Try pyproject.toml (Python)
|
||||
if tomllib:
|
||||
pyproject = project_dir / "pyproject.toml"
|
||||
if pyproject.exists():
|
||||
try:
|
||||
data = tomllib.loads(pyproject.read_text())
|
||||
if name := data.get("project", {}).get("name"):
|
||||
return name.replace("-", " ").replace("_", " ").title()
|
||||
if name := data.get("tool", {}).get("poetry", {}).get("name"):
|
||||
return name.replace("-", " ").replace("_", " ").title()
|
||||
except (tomllib.TOMLDecodeError, OSError, KeyError, AttributeError):
|
||||
pass
|
||||
|
||||
# Try Cargo.toml (Rust)
|
||||
cargo = project_dir / "Cargo.toml"
|
||||
if cargo.exists():
|
||||
try:
|
||||
data = tomllib.loads(cargo.read_text())
|
||||
if name := data.get("package", {}).get("name"):
|
||||
return name.replace("-", " ").replace("_", " ").title()
|
||||
except (tomllib.TOMLDecodeError, OSError, KeyError, AttributeError):
|
||||
pass
|
||||
|
||||
# Try go.mod (Go)
|
||||
go_mod = project_dir / "go.mod"
|
||||
if go_mod.exists():
|
||||
try:
|
||||
content = go_mod.read_text()
|
||||
for line in content.splitlines():
|
||||
if line.startswith("module "):
|
||||
module_path = line.split()[1]
|
||||
name = module_path.split("/")[-1]
|
||||
return name.replace("-", " ").replace("_", " ").title()
|
||||
except (OSError, ValueError, IndexError):
|
||||
pass
|
||||
|
||||
# Fallback to directory name
|
||||
return project_dir.name.replace("-", " ").replace("_", " ").title()
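Review bot: The narrowed handlers around the package.json, pyproject.toml and Cargo.toml reads do not cover `UnicodeDecodeError`, which `read_text()` raises when the file holds bytes that are invalid in the default locale encoding. It is a `ValueError` but neither a `TOMLDecodeError` nor a `JSONDecodeError`, so a manifest with undecodable bytes now aborts `infer_project_name` instead of falling through to the next source; the old `except Exception` swallowed this for the two TOML reads, and only the go.mod handler still catches `ValueError`. Since these manifests come from whatever project directory is being scanned, I would read them explicitly as UTF-8 and catch the decode failure: `tomllib.loads(pyproject.read_text(encoding="utf-8"))` with `except (tomllib.TOMLDecodeError, UnicodeDecodeError, OSError, KeyError, AttributeError):`, and likewise add `UnicodeDecodeError` to the package.json and Cargo.toml handlers. The rendered page has lost indentation, so I cannot tell whether the Cargo.toml block sits under `if tomllib:`; if it does not, a missing `tomllib` would now escape, because the `except` tuple itself dereferences `tomllib.TOMLDecodeError`. The function begins above this hunk.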
|
||||
|
|
|
|||