matthew/claw-apply
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: audit cleanup — ReDoS guard, Telegram validation, README accuracy

Browse Source 
- form_filler.mjs: reject regex patterns over 200 chars to mitigate ReDoS
- notify.mjs: check res.ok before parsing Telegram API response
- README: update project structure with new lib/apply/ modules, session.mjs,
  keywords.mjs; fix max_applications_per_run docs (no limit by default);
  clarify ATS stub status in roadmap

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Matthew Jackson
2026-03-05 17:20:32 -08:00
parent 33f85c4752
commit ec68e621b8
3 changed files with 19 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/form_filler.mjs
View File

@@ -23,6 +23,7 @@ export class FormFiller {
// Check custom answers first (user-defined, pattern is substring or regex)
for (const entry of this.answers) {
try {
if (entry.pattern.length > 200) throw new Error('pattern too long');
const re = new RegExp(entry.pattern, 'i');
if (re.test(l)) return String(entry.answer);
} catch {

1
lib/notify.mjs
View File

@@ -32,6 +32,7 @@ export async function sendTelegram(settings, message) {
}),
});
lastSentAt = Date.now();
if (!res.ok) { console.error(`[notify] Telegram HTTP error: ${res.status}`); return; }
const data = await res.json();
if (!data.ok) console.error('[notify] Telegram error:', data.description);
} catch (e) {