From 9b65a20925349dbdc5919041d81cbd12ad8facf1 Mon Sep 17 00:00:00 2001
From: toastal
Date: Wed, 15 Apr 2026 01:43:05 +0000
Subject: Phase 1: Fix security vulnerabilities and error handling
- Fix command injection in editor.ml using Filename.quote
- Change KDL.of_flow to return Result instead of failwith
- Update manifest.ml to handle new Result type
Security: Prevents shell injection when opening files with malicious filenames containing shell metacharacters.
Error handling: KDL parsing errors now return Result type instead of crashing with failwith.
---
 lib/manifest.ml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'lib/manifest.ml')
diff --git a/lib/manifest.ml b/lib/manifest.ml
index 77c75f3..7bf2997 100644
--- a/lib/manifest.ml
+++ b/lib/manifest.ml
@@ -869,10 +869,11 @@ let read () =
 let working_dir = Working_directory.get () in
 let filepath = Eio.Path.(working_dir / filename) in
 Logs.info (fun m -> m "Reading manifest @@ %a …" Eio.Path.pp filepath);
- let* kdl =
+ let kdl_result =
 Eio.Path.with_open_in filepath @@ fun flow ->
 KDL.of_flow flow
 in
+ let* kdl = kdl_result |> Result.map_error (fun (`ParseError msg) -> `Parsing [`ParseError msg]) in
 let () = manifest := Some kdl in
 Ok kdl
-- 
cgit v1.2.3
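Review bot: `read ()` can still fail by exception instead of through its `Result`, because `Eio.Path.with_open_in filepath` raises `Eio.Io` when the manifest is missing or unreadable, and the added `Result.map_error` line only maps the `KDL.of_flow` parse error. Unless a caller catches that exception (not visible here), a bad or absent manifest still aborts the program, which is the outcome the commit message says it wants to avoid. Consider wrapping the open in `match … with exception (Eio.Io _ as ex) -> Error …`, mapped to whichever I/O case `read`'s error type provides (left as a placeholder, since that type is defined outside the hunk). As a style point, the intermediate `kdl_result` binding could be dropped by piping the `with_open_in` expression straight into `Result.map_error`, which would also let the over-long added line be wrapped. The `let*` operator and the `` `Parsing `` error type are defined outside the hunk.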