Skip to content

Comments

Audit/production readiness 20260221#60

Merged
wallydz merged 2 commits intoVPNht:vpnht-rewritefrom
wallydz:audit/production-readiness-20260221
Feb 21, 2026
Merged

Audit/production readiness 20260221#60
wallydz merged 2 commits intoVPNht:vpnht-rewritefrom
wallydz:audit/production-readiness-20260221

Conversation

@wallydz
Copy link
Collaborator

@wallydz wallydz commented Feb 21, 2026

Description

Brief description of the changes in this PR.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Performance improvement
  • Security enhancement
  • Code refactoring

Related Issues

Fixes #(issue number)
Closes #(issue number)

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

Security Checklist

  • No hardcoded secrets or credentials
  • Input validation is implemented
  • Error messages do not leak sensitive information
  • Principle of least privilege is followed

Testing

  • Manual testing performed
  • Unit tests added/updated
  • Integration tests added/updated
  • UI tests pass (if applicable)

Screenshots (if applicable)

Add screenshots to help explain your changes.

Additional Context

Add any other context about the pull request here.

wallydz-bot[bot] added 2 commits February 21, 2026 20:33
The previous implementation used format!() to build shell scripts,
allowing potential command injection if cmd or args contained special
characters like quotes, backticks, or semicolons.

Fix by implementing proper shell escaping using single-quote escaping,
which safely handles all special characters including embedded quotes.

Before (vulnerable):
  do shell script "cmd args" with administrator privileges

After (safe):
  do shell script 'cmd' 'arg1' 'arg2' with administrator privileges

Also improved Command builder to use .arg() instead of .args() with
mutable Vec references for cleaner code.
@wallydz wallydz merged commit 7220788 into VPNht:vpnht-rewrite Feb 21, 2026
7 of 19 checks passed
@codecov-commenter
Copy link

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 27.50%. Comparing base (8307b6f) to head (0aa7cda).
⚠️ Report is 11 commits behind head on vpnht-rewrite.
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files
@@                Coverage Diff                @@
##           vpnht-rewrite      #60      +/-   ##
=================================================
+ Coverage          27.22%   27.50%   +0.27%     
=================================================
  Files                 19       19              
  Lines               2755     2767      +12     
  Branches             115      117       +2     
=================================================
+ Hits                 750      761      +11     
- Misses              1996     1997       +1     
  Partials               9        9              
Flag Coverage Δ
frontend 27.50% <ø> (+0.27%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants