alee/relicario
1
0
Fork 0
Code Issues Pull Requests 4 Actions Packages Projects Releases Wiki Activity

fix(cli): sanitize item titles in commit messages (audit I1)

Browse Source 
Control characters (newlines, tabs) in item titles corrupted git log
output. Now strips control chars and truncates to 50 chars.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
adlee-was-taken
2026-05-02 09:23:52 -04:00
parent 81f1f8ec31
commit d6703be2b1
2 changed files with 46 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
crates/relicario-cli/src/main.rs
View File

@@ -576,7 +576,7 @@ fn cmd_add(kind: AddKind) -> Result<()> {
paths.push(format!("attachments/{}/{}.enc", item.id.as_str(), att.id.as_str()));
}
let path_refs: Vec<&str> = paths.iter().map(|s| s.as_str()).collect();
commit_paths(&vault, &format!("add: {} ({})", item.title, item.id.as_str()), &path_refs)?;
commit_paths(&vault, &format!("add: {} ({})", crate::helpers::sanitize_for_commit(&item.title), item.id.as_str()), &path_refs)?;
eprintln!("Added: {} (id={})", item.title, item.id.as_str());
Ok(())
@@ -1121,7 +1121,7 @@ fn cmd_edit(query: String, totp_qr: Option<PathBuf>) -> Result<()> {
manifest.upsert(&item);
vault.save_manifest(&manifest)?;
refresh_groups_cache(vault.root(), &manifest);
commit_paths(&vault, &format!("edit: {} ({})", item.title, item.id.as_str()),
commit_paths(&vault, &format!("edit: {} ({})", crate::helpers::sanitize_for_commit(&item.title), item.id.as_str()),
&[&format!("items/{}.enc", item.id.as_str()), "manifest.enc"])?;
eprintln!("Updated {}", item.id.as_str());
Ok(())
@@ -1338,7 +1338,7 @@ fn cmd_rm(query: String) -> Result<()> {
manifest.upsert(&item);
vault.save_manifest(&manifest)?;
refresh_groups_cache(vault.root(), &manifest);
commit_paths(&vault, &format!("trash: {} ({})", item.title, item.id.as_str()),
commit_paths(&vault, &format!("trash: {} ({})", crate::helpers::sanitize_for_commit(&item.title), item.id.as_str()),
&[&format!("items/{}.enc", item.id.as_str()), "manifest.enc"])?;
eprintln!("Moved to trash: {}", item.title);
Ok(())
@@ -1356,7 +1356,7 @@ fn cmd_restore(query: String) -> Result<()> {
manifest.upsert(&item);
vault.save_manifest(&manifest)?;
refresh_groups_cache(vault.root(), &manifest);
commit_paths(&vault, &format!("restore: {} ({})", item.title, item.id.as_str()),
commit_paths(&vault, &format!("restore: {} ({})", crate::helpers::sanitize_for_commit(&item.title), item.id.as_str()),
&[&format!("items/{}.enc", item.id.as_str()), "manifest.enc"])?;
eprintln!("Restored: {}", item.title);
Ok(())
@@ -1858,7 +1858,9 @@ fn cmd_attach(query: String, file: PathBuf) -> Result<()> {
];
let path_refs: Vec<&str> = paths.iter().map(|s| s.as_str()).collect();
commit_paths(&vault, &format!("attach: {}{} ({})",
file.display(), item.title, item.id.as_str()), &path_refs)?;
crate::helpers::sanitize_for_commit(&file.display().to_string()),
crate::helpers::sanitize_for_commit(&item.title),
item.id.as_str()), &path_refs)?;
eprintln!("Attached {} to {} (aid={})", file.display(), item.title, enc.id.as_str());
Ok(())
}
@@ -1941,7 +1943,7 @@ fn cmd_detach(query: String, aid: String) -> Result<()> {
let blob_relpath = format!("attachments/{}/{}.enc", item.id.as_str(), removed.id.as_str());
commit_paths(
&vault,
&format!("detach: {} from {} ({})", removed.filename, item.title, item.id.as_str()),
&format!("detach: {} from {} ({})", crate::helpers::sanitize_for_commit(&removed.filename), crate::helpers::sanitize_for_commit(&item.title), item.id.as_str()),
&[&item_path, "manifest.enc", &blob_relpath],
)?;
eprintln!("Detached {} (aid={}) from {}", removed.filename, aid, item.title);