chore(#137): update CHANGELOG with security fixes from review
PR Ready Gate / clear-labels (pull_request) Successful in 2s
CI / test (pull_request) Successful in 17s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 44s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m31s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m48s
PR Ready Gate / clear-labels (pull_request) Successful in 2s
CI / test (pull_request) Successful in 17s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 44s
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m31s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m48s
This commit is contained in:
Rodin
@@ -27,6 +27,12 @@ mappings:
|
|||||||
- Multiple mappings can reference the same doc; docs are deduplicated
|
- Multiple mappings can reference the same doc; docs are deduplicated
|
||||||
- Missing doc files: warn and skip (review continues without them)
|
- Missing doc files: warn and skip (review continues without them)
|
||||||
- No matching paths: no docs injected, review runs normally
|
- No matching paths: no docs injected, review runs normally
|
||||||
|
- Absolute paths and path traversal (`..` segments) in doc paths are rejected
|
||||||
|
|
||||||
|
### Security
|
||||||
|
|
||||||
|
- **Path traversal guard**: doc paths from the YAML config are validated to reject absolute paths and `..` segments before VCS API calls
|
||||||
|
- **Prompt injection guard**: design doc content is injected with an explicit instruction to treat it as reference data and not follow any instructions it may contain
|
||||||
|
|
||||||
## v0.3.2
|
## v0.3.2
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user