issues Search Results · language:Dune language:TypeScript language:JavaScript language:Java linked:pr language:JavaScript
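Problem description
Several regex patterns in check-destructive.sh can be bypassed:
1. rm regex bypass (line 20)
The regex requires the path to be immediately followed by /, so the following commands bypass it:
- glob suffix (/*)
- paths without a trailing /
- tilde ~
- environment variable $HOME
2. dd regex bypass (line 26)
The regex requires the device name to contain only lowercase letters, so device names containing digits (such as sda1, nvme0n1) bypass it.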
3. ...
bug
code-review
P1
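Problem description
defaultMode: bypassPermissions in settings.json means that all tool calls (including Bash) execute without a permission prompt. Meanwhile, check-destructive.sh only checks 4
dangerous patterns, so a large number of dangerous commands can execute silently:
- variants that delete the user's home directory
- commands that open up permissions on the entire disk
- disk overwrite commands
- remote code execution pipelines
- partition overwrite commands
Pi's ...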
bug
code-review
P0
The following managed files have drifted from the canonical source in f5xc-salesdemos/docs-control:
- CLAUDE.md
- .textlintrc
- .codespellrc
- .gitleaks.toml
- scripts/locale-lint.sh
- .claude/governance.json ...
What
Fix the verified foundation/CLI drifts, touching ONLY cli.md, packages.md, structure.md, index.md, getting-started.md,
proof.md: packages.md:53 + cli.md:8 say the lifecycle is run/status/stop but ...
area: dx
enhancement
Players may forget to leave the room they joined once they are done playing. In this case, /lfg list's output is
outdated.
Bot should define and monitor inactivity, eventually warn inactive players that ...
Area:LFG
enhancement
What
Fix the verified drifts, touching ONLY mcp.md + changelog.md + doc-system.md: mcp.md:45 says Twenty-five tools but there
are 26 (read 3 + structure 12 + data 5 + github 6) — fix the count and have ...
area: dx
enhancement
What
Update the primitive/design docs + demos to the BUILT four-axis design language (variant·tone·size·density), touching
button.md, badge.md, checkbox.md, select.md, primitives.md, a NEW context-menu.md, ...
area: emit
enhancement
What
Fix the verified generation-doc drifts, touching ONLY emit.md + views.md + components.md: views.md:71 — radio must be
radioGroup (the real view-node name; radio throws at generate + the MCP rejects ...
area: emit
enhancement
What
Fix the stale status claims in the two flow docs against the BUILT reality (verified in the audit), touching ONLY
workflow.md + agent.md: workflow.md:25 step 10 (Merge) is marked ❌ but vow agent ...
area: agent
enhancement
What
Add a docs-reading tool group to @vow/mcp (e.g. list_docs + read_docs, optionally search_docs) that serves the same
docs/guide markdown the site renders, so an agent driving @vow/mcp over stdio can ...
area: agent
enhancement
