mirror of
https://github.com/glittercowboy/get-shit-done
synced 2026-04-25 17:25:23 +02:00
* fix(security): neutralize spaced+closing injection markers; fix audit-uat resolved status

scanForInjection recognizes — adds <user> tags, whitespace-padded tags (e.g. <user >), closing [/SYSTEM]/[/INST] markers, and closing <</SYS>> markers. Five new regression tests confirm each gap is closed.

whose result column reads PASS or resolved, so items that were already confirmed do not appear as outstanding in audit-uat --raw. Two new regression tests cover item-level PASS and file-level status: passed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* test: add closing-tag assertion for spaced <user > sanitization

The test for 'neutralizes spaced tags like <user >' only asserted that the opening token '<user' was removed. A spaced closing tag '</user >' could survive sanitization undetected. Added assert.ok(!result.includes('</user')) to the same test block so both sides of the tag are verified.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
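The marker classes listed in the commit message above, as an added JavaScript example that is not the project's scanForInjection or its sanitizer. The names findMarkers and neutralize, the regexes, and the system/assistant roles (beyond the <user> tag the message names) are assumptions made for illustration.

```javascript
// Added example: hypothetical names and patterns, not the project's code.
const MARKERS = [
  // <user>, <user >, </user >, < /user>; system and assistant are assumed roles
  { kind: 'role-tag', re: /<\s*\/?\s*(?:system|user|assistant)\s*>/gi },
  // [SYSTEM], [/SYSTEM], [INST], [/INST ]
  { kind: 'bracket', re: /\[\s*\/?\s*(?:SYSTEM|INST)\s*\]/gi },
  // <<SYS>> and the closing <</SYS>>
  { kind: 'sys-block', re: /<<\s*\/?\s*SYS\s*>>/gi },
];

// Report every marker with its position so a caller can log or reject input.
function findMarkers(text) {
  const hits = [];
  for (const { kind, re } of MARKERS) {
    for (const m of text.matchAll(re)) {
      hits.push({ kind, match: m[0], index: m.index });
    }
  }
  return hits.sort((a, b) => a.index - b.index);
}

// Replace each marker with an inert placeholder instead of deleting it.
// Deleting would let a split token such as "<us<user>er>" collapse back
// into "<user>" after one pass; a placeholder keeps the halves apart.
function neutralize(text) {
  let out = text;
  for (const { kind, re } of MARKERS) {
    out = out.replace(re, `(${kind} removed)`);
  }
  return out;
}

// Constructed sample of untrusted text: spaced open and close tags,
// closing bracket and SYS markers, and one split token.
const sample = 'log <user >text</user > [/INST] <</SYS>> <us<user>er>';
const cleaned = neutralize(sample);
console.log(findMarkers(sample).map((h) => h.kind).join(','));
console.log(cleaned);
```
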
31 KiB