shanecodezzz 2026-02-15 08:02:32 -06:00 committed by GitHub
commit e0f7a34be6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 19 additions and 5 deletions


@ -1175,11 +1175,25 @@ class ConfigCollector {
if (!input && item.required) { if (!input && item.required) {
return 'This field is required'; return 'This field is required';
} }
// Validate against regex pattern if provided if (input) {
if (input && item.regex) { if (input.length > 1024) {
const regex = new RegExp(item.regex); return 'Input is too long (maximum 1024 characters)';
if (!regex.test(input)) { }
return `Invalid format. Must match pattern: ${item.regex}`; if (/\.\.[/\\]/.test(input)) {
return 'Path traversal sequences (../ or ..\\) are not allowed';
}
if (/[;|&`$(){}!<>]/.test(input) && !item.allowSpecialChars) {
return 'Special characters (;|&`$(){}!<>) are not allowed';
}
if (/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/.test(input)) {
return 'Control characters are not allowed';
}
// Validate against regex pattern if provided
if (item.regex) {
const regex = new RegExp(item.regex);
if (!regex.test(input)) {
return `Invalid format. Must match pattern: ${item.regex}`;
}
} }
} }
return true; return true;
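Review bot: Two of the new denylist patterns let through input they appear meant to reject. The traversal test `/\.\.[/\\]/` only matches `..` when a separator follows it, so a bare or trailing `..` segment passes; `/(^|[/\\])\.\.([/\\]|$)/.test(input)` matches whole `..` segments and no longer flags names such as `a..b`. The control-character class skips `\x0a` and `\x0d`, so CR/LF are accepted; if these fields are single-line values (the hunk does not show where they end up), `/[\x00-\x08\x0a-\x1f\x7f]/` would reject line breaks while still allowing tab. Since the checks run on every field and `allowSpecialChars` turns off the metacharacter check, a comment above the block should say that this is defence in depth and that the code consuming the value must still resolve paths and quote arguments itself. The enclosing validator starts and ends outside the hunk, so how `input` is typed and used downstream should be confirmed.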