mirror of https://github.com/garrytan/gstack.git
A malformed `--max-bytes` value silently turned the redaction engine's oversize guard from fail-CLOSED into fail-OPEN. `bin/gstack-redact` parsed the flag with `parseInt(...)` and passed the result straight through, so `--max-bytes notanumber` became `maxBytes: NaN`. In `lib/redact-engine.ts`, `opts.maxBytes ?? DEFAULT_MAX_BYTES` only catches null/undefined — `NaN` slipped past, and `byteLen > NaN` is always false, so the "input too large to scan safely" block never fired. A negative value made the opposite happen: every input blocked with a nonsensical `> -5 bytes`.

- engine: treat a non-finite or non-positive `maxBytes` as invalid and fall back to the known-good 1 MiB default, so the guard stays intact for every caller regardless of how the cap was computed.
- CLI: reject a malformed `--max-bytes` with a clear stderr error and exit 1 (usage error, distinct from the 0/2/3 finding-tier codes) instead of silently passing NaN.
- tests: engine regression (invalid cap still fails closed at the default) and CLI contract (malformed flag exits 1).

Fixes #1824

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

||
|---|---|---|
| conductor-env-shim.ts | ||
| gbrain-exec.ts | ||
| gbrain-guards.ts | ||
| gbrain-local-status.ts | ||
| gbrain-sources.ts | ||
| gstack-memory-helpers.ts | ||
| redact-audit-log.ts | ||
| redact-engine.ts | ||
| redact-patterns.ts | ||
| worktree.ts | ||
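
The failure mode described in the commit message above, shown as an added TypeScript example (not the project's own code): the `??` fallback beside a cap that treats non-finite or non-positive values as invalid. Only `DEFAULT_MAX_BYTES`, `maxBytes` and the 1 MiB default come from the page; the function names and the strict digit check in the CLI helper are assumptions made for illustration.

```typescript
// Added illustration. Function names are hypothetical, not taken from the gstack source.
const DEFAULT_MAX_BYTES = 1024 * 1024; // the 1 MiB default named in the commit message

interface ScanOpts {
  maxBytes?: number | null;
}

// Before: `??` replaces only null/undefined, so NaN and negative caps
// reach the comparison unchanged.
function oversizeBlockedBefore(byteLen: number, opts: ScanOpts): boolean {
  const cap = opts.maxBytes ?? DEFAULT_MAX_BYTES;
  return byteLen > cap; // every comparison with NaN is false: the guard fails open
}

// After: a non-finite or non-positive cap is invalid and falls back to the default,
// so the guard holds no matter how the caller computed the value.
function resolveMaxBytes(maxBytes?: number | null): number {
  if (typeof maxBytes !== "number" || !isFinite(maxBytes) || maxBytes <= 0) {
    return DEFAULT_MAX_BYTES;
  }
  return maxBytes;
}

function oversizeBlockedAfter(byteLen: number, opts: ScanOpts): boolean {
  return byteLen > resolveMaxBytes(opts.maxBytes);
}

// CLI side (assumed validation rule): accept only a plain positive decimal integer.
// Returns null for a malformed value so the caller can print a usage error and exit 1.
// The digit check also rejects inputs such as "10abc", which parseInt alone reads as 10.
function parseMaxBytesFlag(raw: string): number | null {
  if (!/^[0-9]+$/.test(raw)) {
    return null;
  }
  const n = parseInt(raw, 10);
  return n > 0 && isFinite(n) ? n : null;
}
```

Validating in both places matters because the engine can be called by code other than the CLI, which is why the commit message puts the fallback in the engine and the usage error in the CLI.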