phaneron/Kelsidavis-WoWee
1
0
Fork 0
mirror of https://github.com/Kelsidavis/WoWee.git synced 2026-04-03 12:03:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

security: path traversal rejection, packet length validation; code quality

Browse source 
Security:
- Asset loader rejects paths containing ".." sequences (path traversal)
- Chat message parser validates length against remaining packet bytes
  before resize(), preventing memory exhaustion from malformed packets

Code quality:
- Extract 11 named geoset constants (kGeosetBareForearms, kGeosetWithCape,
  etc.) replacing ~40 magic number sites across 4 code paths
- Add build-debug/ and .claude/ to .gitignore
- Remove .claude/scheduled_tasks.lock from tracking
This commit is contained in:
Kelsi 2026-03-27 18:42:48 -07:00
parent e61b23626a
commit e2383725f0
5 changed files with 87 additions and 59 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.gitignore vendored
View file

@ -1,5 +1,6 @@
# Build directories
build/
build-debug/
build-sanitize/
bin/
lib/
@ -34,6 +35,9 @@ Makefile
*.app
wowee
# Claude Code internal state
.claude/
# IDE files
.vscode/
.idea/