rock/gstack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial import from garrytan/gstack@026751e (main snapshot via local relay)
Some checks failed
Workflow Lint / actionlint (push) Has been cancelled
Details
Build CI Image / build (push) Has been cancelled
Details
Skill Docs Freshness / check-freshness (push) Has been cancelled
Details
Periodic Evals / build-image (push) Has been cancelled
Details
Periodic Evals / evals (map[file:test/codex-e2e.test.ts name:e2e-codex]) (push) Has been cancelled
Details
Periodic Evals / evals (map[file:test/gemini-e2e.test.ts name:e2e-gemini]) (push) Has been cancelled
Details
Periodic Evals / evals (map[file:test/skill-e2e-design.test.ts name:e2e-design]) (push) Has been cancelled
Details
Periodic Evals / evals (map[file:test/skill-e2e-plan.test.ts name:e2e-plan]) (push) Has been cancelled
Details
Periodic Evals / evals (map[file:test/skill-e2e-qa-bugs.test.ts name:e2e-qa-bugs]) (push) Has been cancelled
Details
Periodic Evals / evals (map[file:test/skill-e2e-qa-workflow.test.ts name:e2e-qa-workflow]) (push) Has been cancelled
Details
Periodic Evals / evals (map[file:test/skill-e2e-review.test.ts name:e2e-review]) (push) Has been cancelled
Details
Periodic Evals / evals (map[file:test/skill-e2e-workflow.test.ts name:e2e-workflow]) (push) Has been cancelled
Details
Periodic Evals / evals (map[file:test/skill-routing-e2e.test.ts name:e2e-routing]) (push) Has been cancelled
Details

Browse Source 
Source: https://github.com/garrytan/gstack/commit/026751e
This commit is contained in:
Rocky
2026-05-19 21:18:17 +02:00
commit 834c6db075
797 changed files with 267839 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
browse/test/learnings-injection.test.ts Normal file
View File

@@ -0,0 +1,33 @@
import { describe, it, expect } from 'bun:test';
import * as fs from 'fs';
import * as path from 'path';
import { spawnSync } from 'child_process';
const SCRIPT_PATH = path.join(import.meta.dir, '../../bin/gstack-learnings-search');
const SCRIPT = fs.readFileSync(SCRIPT_PATH, 'utf-8');
const BIN_DIR = path.join(import.meta.dir, '../../bin');
describe('gstack-learnings-search injection safety', () => {
it('must not interpolate variables into JS string literals', () => {
const jsBlock = SCRIPT.slice(SCRIPT.indexOf('bun -e'));
expect(jsBlock).not.toMatch(/const \w+ = '\$\{/);
expect(jsBlock).not.toMatch(/= \$\{[A-Z_]+\};/);
expect(jsBlock).not.toMatch(/'\$\{CROSS_PROJECT\}'/);
});
it('must use process.env for parameters', () => {
const jsBlock = SCRIPT.slice(SCRIPT.indexOf('bun -e'));
expect(jsBlock).toContain('process.env');
});
});
describe('gstack-learnings-search injection behavioral', () => {
it('handles single quotes in query safely', () => {
const result = spawnSync('bash', [
path.join(BIN_DIR, 'gstack-learnings-search'),
'--query', "test'; process.exit(99); //",
'--limit', '1'
], { encoding: 'utf-8', timeout: 5000, env: { ...process.env, HOME: '/tmp/nonexistent-gstack-test' } });
expect(result.status).not.toBe(99);
});
});