catlog22 ad6c18f615 fix(security): prevent command injection and strengthen input validation ...

BREAKING: executeCodexLens now uses shell:false to prevent RCE

Security fixes:
- Remove shell:true from spawn() to prevent command injection (CRITICAL)
- Add .env value escaping to prevent injection when file is sourced
- Strengthen path validation with startsWith to block subdirectories
- Add path traversal detection (../)
- Improve JSON extraction to handle trailing CLI output

Features:
- Refactor CodexLens panel to tabbed layout (Overview/Settings/Search/Advanced)
- Add environment variables editor for ~/.codexlens/.env
- Add API concurrency settings (max_workers, batch_size)
- Add escapeHtml() helper to prevent XSS
- Implement merge mode for env saving to preserve custom variables

2026-01-03 18:33:47 +08:00

..

commands

fix(issue): Enhance worktree detection with fallback support

2026-01-03 12:32:26 +08:00

config

feat: Unified Embedding Pool with auto-discovery

2025-12-25 16:06:49 +08:00

core

fix(security): prevent command injection and strengthen input validation

2026-01-03 18:33:47 +08:00

mcp-server

feat: Add context_cache MCP tool with simplified CLI options

2025-12-23 19:54:05 +08:00

templates

fix(security): prevent command injection and strengthen input validation

2026-01-03 18:33:47 +08:00

tools

fix(security): prevent command injection and strengthen input validation

2026-01-03 18:33:47 +08:00

types

feat: Unified Embedding Pool with auto-discovery

2025-12-25 16:06:49 +08:00

utils

fix(python): improve Python detection and pip command reliability

2025-12-30 15:23:44 +08:00

cli.ts

feat(issue): Add multi-queue support and enhanced failure handling

2026-01-03 11:31:49 +08:00

index.ts

perf(ccw): optimize I/O operations and add caching layer

2025-12-14 12:11:29 +08:00