fix(framework/tools): wrapper body-safety + login-resolution hardening (#559, #560)

#559 — Markdown body safety / eval removal:
- Add test-issue-create-body-safety.sh: feeds a hostile Markdown body
  ($(...), backticks, quotes, $vars, pipes) through issue-create.sh and
  asserts no command substitution runs and the body reaches tea verbatim.
- Convert issue-comment.sh from unquoted $(get_gitea_repo_args) word-splitting
  to an argv array with an explicit loud login-resolution error.
- Confirmed: zero eval usages remain across tools/git/*.sh; the other
  body-carrying wrappers (issue-create, pr-create, issue-edit, issue-assign)
  already use argv arrays.

#560 — host-derived Gitea login + loud failure:
- detect-platform.sh: add print_gitea_login_diagnostic and emit it on the
  get_gitea_login_for_host failure path (stderr only) — names the unresolved
  host, lists available tea logins, and gives the GITEA_LOGIN override +
  tea-login-add fix. Replaces the previous silent failure.
- Extend test-gitea-login-resolution.sh: assert the diagnostic fires and lists
  logins, login is derived from origin host for both mosaicstack and usc (scoped
  second tea mock), and a valid GITEA_LOGIN override is honored.

Also gitignore the .mosaic-test-work/ shell-harness scratch dir.
Scope: wrapper surface only. All wrapper test harnesses pass locally.
jason.woltje
2026-06-20 04:51:54 -05:00
parent 9b7e63f6c3
commit feb0d8a58b
6 changed files with 316 additions and 1 deletions
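
The #559 body-safety check and the #560 loud-failure path described in the commit message, as an added example that is not code from this commit or from the project. The `tea` mock, `resolve_login`, the host `git.example.test` and the hostile body are all constructed, and positional parameters (`set --`) stand in for a bash argv array so the sketch runs under POSIX sh.

```shell
#!/bin/sh
# Added example: every name here is constructed, not the project's wrapper code.
WORK=$(mktemp -d)                       # scratch dir that holds the marker file
MARKER="$WORK/substitution-ran"
# Constructed hostile Markdown body: backticks, $(...), quotes, $var, pipe.
BODY='Steps: `touch '"$MARKER"'` and $(touch '"$MARKER"') "quoted" $HOME | cat'

# Mock tea (stand-in for the real CLI): prints each argv element on its own line.
tea() { for arg in "$@"; do printf '%s\n' "$arg"; done; }

# Hypothetical login resolver: knows one constructed host, fails loudly otherwise.
resolve_login() {
  case "$1" in
    git.example.test) printf 'example-login\n' ;;
    *) echo "error: no tea login for host '$1'; set GITEA_LOGIN" >&2; return 1 ;;
  esac
}

# Before: the command is built as a string and re-parsed, so the body is code.
create_with_eval() (
  eval "tea issues create --login $(resolve_login "$1") --description \"$2\""
)

# After: argv is built element by element; the body stays one literal argument.
create_with_argv() (
  login=$(resolve_login "$1") || exit 1   # unresolved login: stop before tea runs
  set -- issues create --login "$login" --description "$2"
  tea "$@"
)

# Returns 0 when the last argument tea received equals BODY byte for byte
# and no command substitution fired.
argv_is_safe() {
  rm -f "$MARKER"
  got=$(create_with_argv git.example.test "$BODY" | tail -n 1)
  [ "$got" = "$BODY" ] && [ ! -e "$MARKER" ]
}

# Returns 0 when the eval variant executed the substitution embedded in the body.
eval_runs_body() {
  rm -f "$MARKER"
  create_with_eval git.example.test "$BODY" >/dev/null 2>&1
  [ -e "$MARKER" ]
}
```
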

3
.gitignore vendored

@@ -12,3 +12,6 @@ docs/reports/
# Step-CA dev password — real file is gitignored; commit only the .example
infra/step-ca/dev-password
# Scratch dirs created by the framework git-wrapper shell test harnesses
.mosaic-test-work/
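
Review bot: the new `.mosaic-test-work/` pattern has no leading slash, so it ignores a directory of that name at any depth in the tree, and the comment above it does not say where the harnesses create it. If the scratch dir is only ever created at the repository root, anchor it as `/.mosaic-test-work/`; if the harnesses create it beside themselves, say so in the comment so the unanchored match reads as intentional.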