Fix: Security, reliability, and code quality improvements from PR review

Critical Security Fixes:
- Fix command injection vulnerability in Windows shims (beadboard.cmd, bb.cmd)
  - Added path validation to block traversal (.. and root-relative paths)
  - Added quotes around env var to prevent command injection

Reliability Fixes:
- Fix agent cache null safety bug
  - Fixed callBdAgentShow() to check for cache misses (null check, expiration)
  - Fixed getCachedAgent to properly return entry.data or null
- Fix null body crashes in mail ack route
  - Added null check before casting body to object
  - Returns 400 error instead of 500 for invalid requests

BD Compliance Fixes:
- Fix read-issues to use BD audit record path
  - Ensures all writes go through bd audit record
  - Maintains watcher/SSE parity and Dolt commit tracking

Code Quality Fixes:
- Fix path canonicalization violations
  - Use canonicalizeWindowsPath() and windowsPathKey() from pathing module
  - Prevents Windows edge cases and ensures machine-reproducible paths
- Fix typo: mobile-fronted → mobile-frontend
- Pin GitHub Actions tags
  - softprops/action-gh-release@v1 → specific commit hash
- Register pr14 test in package.json (already registered)

Testing:
- Refactor broad exception handlers in Python scripts
  - Replace except Exception: with specific exceptions
  - Allows KeyboardInterrupt and SystemExit to propagate correctly
  - All tests passing
zenchantlive 2026-03-05 16:33:10 -08:00
parent d54e4f3311
commit ce4700849b
15 changed files with 2995 additions and 756 deletions

@ -60,44 +60,44 @@ def infer_project_name(project_dir: Path) -> str:
data = json.loads(package_json.read_text())
if name := data.get("name"):
return name.replace("-", " ").replace("_", " ").title()
except (json.JSONDecodeError, KeyError):
pass
# Try pyproject.toml (Python)
if tomllib:
pyproject = project_dir / "pyproject.toml"
if pyproject.exists():
try:
data = tomllib.loads(pyproject.read_text())
if name := data.get("project", {}).get("name"):
return name.replace("-", " ").replace("_", " ").title()
if name := data.get("tool", {}).get("poetry", {}).get("name"):
return name.replace("-", " ").replace("_", " ").title()
except Exception:
pass
# Try Cargo.toml (Rust)
cargo = project_dir / "Cargo.toml"
if cargo.exists():
try:
data = tomllib.loads(cargo.read_text())
if name := data.get("package", {}).get("name"):
return name.replace("-", " ").replace("_", " ").title()
except Exception:
pass
# Try go.mod (Go)
go_mod = project_dir / "go.mod"
if go_mod.exists():
try:
content = go_mod.read_text()
for line in content.splitlines():
if line.startswith("module "):
module_path = line.split()[1]
name = module_path.split("/")[-1]
return name.replace("-", " ").replace("_", " ").title()
except Exception:
pass
except (json.JSONDecodeError, KeyError, OSError):
pass
# Try pyproject.toml (Python)
if tomllib:
pyproject = project_dir / "pyproject.toml"
if pyproject.exists():
try:
data = tomllib.loads(pyproject.read_text())
if name := data.get("project", {}).get("name"):
return name.replace("-", " ").replace("_", " ").title()
if name := data.get("tool", {}).get("poetry", {}).get("name"):
return name.replace("-", " ").replace("_", " ").title()
except (tomllib.TOMLDecodeError, OSError, KeyError, AttributeError):
pass
# Try Cargo.toml (Rust)
cargo = project_dir / "Cargo.toml"
if cargo.exists():
try:
data = tomllib.loads(cargo.read_text())
if name := data.get("package", {}).get("name"):
return name.replace("-", " ").replace("_", " ").title()
except (tomllib.TOMLDecodeError, OSError, KeyError, AttributeError):
pass
# Try go.mod (Go)
go_mod = project_dir / "go.mod"
if go_mod.exists():
try:
content = go_mod.read_text()
for line in content.splitlines():
if line.startswith("module "):
module_path = line.split()[1]
name = module_path.split("/")[-1]
return name.replace("-", " ").replace("_", " ").title()
except (OSError, ValueError, IndexError):
pass
# Fallback to directory name
return project_dir.name.replace("-", " ").replace("_", " ").title()
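Review bot: the Cargo.toml branch still calls tomllib.loads() with no `if tomllib:` guard, while the pyproject.toml branch a few lines above has one, and narrowing the handler to `except (tomllib.TOMLDecodeError, OSError, KeyError, AttributeError)` makes that asymmetry a crash rather than a silent skip: when tomllib is falsy (the case the pyproject guard exists for), `tomllib.loads(...)` raises AttributeError, Python then evaluates the except tuple, and `tomllib.TOMLDecodeError` raises a second AttributeError from inside the except clause that propagates out of infer_project_name(). Wrap the Cargo.toml block in the same `if tomllib:` check, or move the guard above all TOML parsing. Two smaller points on the same hunk: read_text() on a non-UTF-8 file raises UnicodeDecodeError, a ValueError subclass that none of the json or TOML handlers list (only the go.mod handler catches ValueError), so consider adding it or passing `errors="replace"`; and the commit message's rationale that the narrower handlers let KeyboardInterrupt and SystemExit propagate does not apply here, since those derive from BaseException and were never caught by `except Exception:` in the first place. The real gain is that unexpected bugs (e.g. a TypeError from a malformed data shape) now surface instead of being swallowed, which is worth stating as the motivation.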