shoko/jujutsu-skills
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

[SECURITY] MEDIUM: --detail argument silently defaults when out of range #7

New Issue
Closed
opened 2026-03-25 10:38:53 +01:00 by shoko · 0 comments
shoko commented 2026-03-25 10:38:53 +01:00
Owner
Copy Link

Severity: MEDIUM

The --detail N argument is used to index into result["match_events"] without proper bounds checking. It silently defaults to index 0 when out of range.

Location

scripts/browse.py lines 778-785 (main())

Current Behavior

idx = args.detail - 1  # User provides 1-indexed
if idx < 0 or idx >= len(result["match_events"]):
    idx = 0  # Silently defaults to first event

Recommended Fix

Warn user if index is out of range instead of silently defaulting:

idx = args.detail - 1
if idx < 0 or idx >= len(result["match_events"]):
    print(f"WARNING: --detail {args.detail} is out of range (1-{len(result['match_events'])}). Showing event 1.")
    idx = 0

Reference

See reviews/2026-03-25.md Section 6.5

## Severity: MEDIUM The `--detail N` argument is used to index into `result["match_events"]` without proper bounds checking. It silently defaults to index 0 when out of range. ## Location `scripts/browse.py` lines 778-785 (`main()`) ## Current Behavior ```python idx = args.detail - 1 # User provides 1-indexed if idx < 0 or idx >= len(result["match_events"]): idx = 0 # Silently defaults to first event ``` ## Recommended Fix Warn user if index is out of range instead of silently defaulting: ```python idx = args.detail - 1 if idx < 0 or idx >= len(result["match_events"]): print(f"WARNING: --detail {args.detail} is out of range (1-{len(result['match_events'])}). Showing event 1.") idx = 0 ``` ## Reference See `reviews/2026-03-25.md` Section 6.5
shoko added the mediumsecurity labels 2026-03-25 10:38:53 +01:00
shoko closed this issue 2026-03-27 04:10:02 +01:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
approved
bug
Bug fix
 critical
Critical severity - stop using until fixed
 enhancement
Enhancement or feature
 high
High severity - fix ASAP
 in review
low
Low severity
 medium
Medium severity
 need adjustment
need clarification
need review
security
Security-related issues
No Label medium security
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
han shoko
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: shoko/jujutsu-skills#7
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?