hai/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-05-09 14:09:47 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
f93ffe56cc6cb2e4957606868cc5a1756ef2c5dc
gstack/browse/test
History
Garry Tan bc80c4fae5 fix(security): cookie-import path validation bypass + hardcoded /tmp 
Two fixes:
1. cookie-import relative path bypass (#707): path.isAbsolute() gated the
   entire validation, so relative paths like "sensitive-file.json" bypassed
   the safe-directory check entirely. Now always resolves to absolute path
   with realpathSync for symlink resolution, matching validateOutputPath().

2. Hardcoded /tmp in cookie-import-browser (#708): openDbFromCopy used
   /tmp directly instead of os.tmpdir(), breaking Windows support.

Also adds explicit imports for SAFE_DIRECTORIES and isPathWithin in
write-commands.ts (previously resolved implicitly through bundler).

Closes #852

Co-Authored-By: Toby Morning <urbantech@users.noreply.github.com>
2026-04-13 09:33:48 -07:00
..
fixtures
feat: browser data platform for AI agents (v0.16.0.0) (#907)
2026-04-08 00:41:55 -07:00
activity.test.ts
feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517)
2026-03-26 11:15:24 -06:00
adversarial-security.test.ts
fix: security audit remediation — 12 fixes, 20 tests (v0.13.1.0) (#595)
2026-03-28 08:35:24 -06:00
batch.test.ts
refactor: extract TabSession for per-tab state isolation (v0.15.16.0) (#873)
2026-04-07 00:23:36 -07:00
browser-manager-unit.test.ts
feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517)
2026-03-26 11:15:24 -06:00
bun-polyfill.test.ts
fix: Windows support — Node.js server fallback for Playwright (#255)
2026-03-20 12:22:11 -07:00
commands.test.ts
fix(security): cookie-import path validation bypass + hardcoded /tmp
2026-04-13 09:33:48 -07:00
compare-board.test.ts
refactor: extract TabSession for per-tab state isolation (v0.15.16.0) (#873)
2026-04-07 00:23:36 -07:00
config.test.ts
fix: Windows browse — health-check-first ensureServer, detached startServer, Windows process mgmt (v0.11.11.0) (#431)
2026-03-24 00:38:10 -07:00
content-security.test.ts
feat: content security — 4-layer prompt injection defense for pair-agent (#815)
2026-04-06 14:41:06 -07:00
cookie-import-browser.test.ts
feat: Wave 3 — community bug fixes & platform support (v0.11.6.0) (#359)
2026-03-23 22:15:23 -07:00
cookie-picker-routes.test.ts
fix: cookie picker auth token leak (v0.15.17.0) (#904)
2026-04-08 10:10:13 -07:00
data-platform.test.ts
feat: browser data platform for AI agents (v0.16.0.0) (#907)
2026-04-08 00:41:55 -07:00
error-handling.test.ts
refactor: AI slop reduction with cross-model quality review (v0.16.3.0) (#941)
2026-04-10 17:13:15 -10:00
file-drop.test.ts
feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517)
2026-03-26 11:15:24 -06:00
find-browse.test.ts
feat: multi-agent support — gstack works on Codex, Gemini CLI, and Cursor (v0.9.0) (#226)
2026-03-19 18:20:50 -07:00
findport.test.ts
feat: community PRs — faster install, skill namespacing, uninstall, Codex fallback, Windows fix, Python patterns (v0.12.9.0) (#561)
2026-03-27 00:44:37 -06:00
gstack-config.test.ts
feat: composable skills — INVOKE_SKILL resolver + factoring infrastructure (v0.13.7.0) (#644)
2026-03-29 23:35:17 -06:00
gstack-update-check.test.ts
fix: community PRs + security hardening + E2E stability (v0.12.7.0) (#552)
2026-03-26 23:21:27 -06:00
handoff.test.ts
refactor: extract TabSession for per-tab state isolation (v0.15.16.0) (#873)
2026-04-07 00:23:36 -07:00
learnings-injection.test.ts
fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847)
2026-04-06 00:47:04 -07:00
path-validation.test.ts
fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847)
2026-04-06 00:47:04 -07:00
platform.test.ts
fix: Windows support — Node.js server fallback for Playwright (#255)
2026-03-20 12:22:11 -07:00
security-audit-r2.test.ts
feat: browser data platform for AI agents (v0.16.0.0) (#907)
2026-04-08 00:41:55 -07:00
server-auth.test.ts
fix: cookie picker auth token leak (v0.15.17.0) (#904)
2026-04-08 10:10:13 -07:00
sidebar-agent-roundtrip.test.ts
fix: sidebar agent uses real tab URL instead of stale Playwright URL (v0.12.6.0) (#544)
2026-03-26 22:07:03 -06:00
sidebar-agent.test.ts
feat: content security — 4-layer prompt injection defense for pair-agent (#815)
2026-04-06 14:41:06 -07:00
sidebar-integration.test.ts
fix: sidebar agent uses real tab URL instead of stale Playwright URL (v0.12.6.0) (#544)
2026-03-26 22:07:03 -06:00
sidebar-security.test.ts
feat: GStack Browser — double-click AI browser with anti-bot stealth (#695)
2026-04-04 10:17:05 -07:00
sidebar-unit.test.ts
fix: sidebar agent uses real tab URL instead of stale Playwright URL (v0.12.6.0) (#544)
2026-03-26 22:07:03 -06:00
sidebar-ux.test.ts
fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847)
2026-04-06 00:47:04 -07:00
snapshot.test.ts
refactor: extract TabSession for per-tab state isolation (v0.15.16.0) (#873)
2026-04-07 00:23:36 -07:00
state-ttl.test.ts
fix: security audit remediation — 12 fixes, 20 tests (v0.13.1.0) (#595)
2026-03-28 08:35:24 -06:00
tab-isolation.test.ts
feat: browser data platform for AI agents (v0.16.0.0) (#907)
2026-04-08 00:41:55 -07:00
test-server.ts
feat: Phase 3.5 — cookie import, QA testing, team retro (v0.3.1) (#29)
2026-03-13 00:31:41 -07:00
token-registry.test.ts
feat: browser data platform for AI agents (v0.16.0.0) (#907)
2026-04-08 00:41:55 -07:00
url-validation.test.ts
fix: community security wave — 8 PRs, 4 contributors (v0.15.13.0) (#847)
2026-04-06 00:47:04 -07:00
watch.test.ts
feat: headed mode + sidebar agent + Chrome extension (v0.12.0) (#517)
2026-03-26 11:15:24 -06:00
welcome-page.test.ts
feat: GStack Browser — double-click AI browser with anti-bot stealth (#695)
2026-04-04 10:17:05 -07:00