| author | toastal | 2026-04-15 01:43:05 +0000 |
|---|---|---|
| committer | ยท๐๐ด๐๐๐ฉ๐ค | 2026-04-15 01:43:05 +0000 |
| commit | 9b65a20925349dbdc5919041d81cbd12ad8facf1 (patch) | |
| tree | 81d98cf0191e890b2af523d69a2d2849b71157de /lib/kDL.ml | |
| parent | 2de700733370b22797ff71667f68c119951c3194 (diff) | |
Phase 1: Fix security vulnerabilities and error handling

- Fix command injection in editor.ml using Filename.quote
- Change KDL.of_flow to return Result instead of failwith
- Update manifest.ml to handle new Result type

Security: Prevents shell injection when opening files with
malicious filenames containing shell metacharacters.

Error handling: KDL parsing errors now return Result type
instead of crashing with failwith.

Diffstat (limited to 'lib/kDL.ml')
| -rw-r--r-- | lib/kDL.ml | 5 |
1 files changed, 3 insertions, 2 deletions
@@ -11,8 +11,9 @@ let of_flow flow = (fun buf -> Eio.Buf_read.take_all buf |> Kdl.of_string) ~max_size: max_int flow + |> Result.ok with - | exn -> failwith (Printexc.to_string exn) + | Kdl.Parse_error (msg, _) -> Error (`ParseError msg) let to_flow flow doc = Eio.Buf_write.with_flow flow @@ fun buf -> @@ -40,7 +41,7 @@ module L = KDL_lens_result module Valid = struct type err = [ | L.lerr - | `ParseError of Kdl.error + | `ParseError of string | `OneRequired of string list | `OnlyOneOf of string list | `InvalidLatestCmd of string |
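
Review bot: In the first hunk (of_flow), the handler now matches only `Kdl.Parse_error (msg, _)` where it used to be `| exn -> ...`, so any other exception raised inside the body, for example from the Eio.Buf_read call, now escapes of_flow as an exception rather than being reported through the new Result. If callers are meant to rely on the Result alone, add a second case that maps the remaining exceptions to an error variant, or document which exceptions of_flow can still raise. The handler also drops the second component of Kdl.Parse_error with `_`; consider carrying it in the error so the report can include it.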
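
Review bot: In the second hunk (Valid.err), narrowing `ParseError of Kdl.error` to `ParseError of string` leaves callers with only a message to print and nothing structured to match on. Combined with the `_` in the of_flow handler, whatever else Kdl.Parse_error carries is lost at this boundary. If string is intentional, a short comment on the constructor saying it holds the parser's message would help; otherwise keep a structured payload. This diff view is limited to lib/kDL.ml, so any other code that constructs or matches `ParseError with the old payload needs checking separately.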
