fix(ai): Fix JSON injection vulnerability in primary-buffer-query.sh (#1973)

end-4
2025-09-21 20:04:15 +02:00
committed by GitHub
@@ -23,13 +23,15 @@ while [[ "$#" -gt 0 ]]; do
done done
# Combine the system prompt with the clipboard content # Combine the system prompt with the clipboard content
content=$(wl-paste -p | tr '\n' ' ') content=$(wl-paste -p | tr '\n' ' ' | head -c 2000) # 2000 char limit to prevent overflow
prompt="$SYSTEM_PROMPT $content"
# Properly escape content for JSON using jq
prompt_json=$(jq -n --arg system_prompt "$SYSTEM_PROMPT" --arg content "$content" '$system_prompt + " " + $content')
# Make the API call with the specified or default model # Make the API call with the specified or default model
response=$(curl http://localhost:11434/api/generate -d \ api_payload=$(jq -n --arg model "$model" --argjson prompt "$prompt_json" --argjson stream false \
"{\"model\": \"$model\",\"prompt\": \"$prompt\",\"stream\": false}" \ '{model: $model, prompt: $prompt, stream: $stream}')
| jq -r '.response') response=$(curl -s http://localhost:11434/api/generate -d "$api_payload" | jq -r '.response' 2>/dev/null)
# Check if content is a single line and no longer than 30 characters # Check if content is a single line and no longer than 30 characters
if [[ ${#content} -le 30 && "$content" != *$'\n'* ]]; then if [[ ${#content} -le 30 && "$content" != *$'\n'* ]]; then
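Review bot: The new `response=` line still fails silently: `curl -s` hides transport errors, there is no `--fail`, so an HTTP error body from Ollama is piped into jq, and `2>/dev/null` on jq then hides the parse error, leaving `response` empty or the literal string `null` (with `-r`, a missing `.response` prints `null`) that the rest of the script treats as a valid reply. I would change it to `response=$(curl -sS --fail http://localhost:11434/api/generate -d "$api_payload" | jq -r '.response // empty')` and check the exit status before using `$response`. Two smaller points: `head -c 2000` counts bytes, not characters as the comment claims, so it can cut a multibyte UTF-8 sequence and hand jq an invalid string (jq's handling of that varies by version, so better to truncate with `${content:0:2000}`); and the two jq invocations can be merged by passing `--arg system_prompt` and `--arg content` straight into the payload filter (`prompt: ($system_prompt + " " + $content)`), which removes the `--argjson` round-trip through `$prompt_json`. The `if` on the last line opens a block that continues outside the hunk.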