molecule-core/workspace-server
molecule-ai[bot] c90ada34ac fix(container_files.go): add validateRelPath definition + CWE-78 exec form (#1328)
Issue #1317: validateRelPath was called in deleteViaEphemeral but
never defined — staging dc21821 would fail Go build if CI completed.

Changes:
- Add validateRelPath function (filepath.Clean + abs/traversal guard)
  matching the pattern used on main (PR #1310).
- Upgrade deleteViaEphemeral to exec form ([]string{...}) so filePath
  is passed as a plain argument, not interpolated into a shell string.
  This eliminates shell injection (CWE-78) entirely.
- Add ContainerWait loop to guarantee rm completes before container
  removal (avoids race on fast delete vs container-stop).

Co-authored-by: Molecule AI Infra-Runtime-BE <infra-runtime-be@agents.moleculesai.app>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 07:28:36 +00:00
cmd/server fix(go): replace $1 literal with resp.Body.Close() in 7 files (#1247) 2026-04-21 03:18:21 +00:00
internal fix(container_files.go): add validateRelPath definition + CWE-78 exec form (#1328) 2026-04-21 07:28:36 +00:00
migrations fix(F1089): log panic-recovery UPDATE errors in scheduler (#1233) 2026-04-21 02:45:25 +00:00
pkg/provisionhook fix(docker): fix plugin go.mod replace for TokenProvider interface (#960) 2026-04-20 13:42:53 -07:00
.gitignore feat(ws-server): pull env from CP on startup 2026-04-19 02:41:15 -07:00
Dockerfile fix(security): add USER directive before ENTRYPOINT in all tenant images (#1155) 2026-04-20 23:51:33 +00:00
Dockerfile.tenant fix(security): add USER directive before ENTRYPOINT in all tenant images (#1155) 2026-04-20 23:51:33 +00:00
entrypoint-tenant.sh fix(security): add USER directive before ENTRYPOINT in all tenant images (#1155) 2026-04-20 23:51:33 +00:00
go.mod chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00
go.sum chore: open-source restructure — rename dirs, remove internal files, scrub secrets 2026-04-18 00:24:44 -07:00