24 changes: 22 additions & 2 deletions cli/main.py
Expand Up @@ -497,8 +497,28 @@ def create_question_box(title, prompt, default=None):


def get_ticker():
"""Get ticker symbol from user input."""
return typer.prompt("", default="SPY")
"""Get ticker symbol from user input with validation."""
while True:
ticker = typer.prompt("", default="SPY")
try:
# Validate ticker format
if not ticker or len(ticker) > 10:
console.print("[red]Error: Ticker must be 1-10 characters[/red]")
continue

# Check for path traversal attempts
if '..' in ticker or '/' in ticker or '\\' in ticker:
console.print("[red]Error: Invalid characters in ticker symbol[/red]")
continue

# Validate characters (alphanumeric, dots, hyphens only)
if not all(c.isalnum() or c in '.-' for c in ticker):
console.print("[red]Error: Ticker can only contain letters, numbers, dots, and hyphens[/red]")
continue

return ticker.upper() # Return normalized uppercase ticker
except Exception as e:
console.print(f"[red]Error validating ticker: {e}[/red]")
Comment on lines +503 to +521

medium

The try...except Exception block is too broad and can hide important errors. For instance, if the user presses Ctrl+C, typer.prompt raises a typer.Abort exception, which would be caught here, printing an error and continuing the loop instead of exiting the program as expected. The validation logic itself is unlikely to raise exceptions. It's better to remove the try...except block and let exceptions like Abort propagate naturally.

        # Validate ticker format
        if not ticker or len(ticker) > 10:
            console.print("[red]Error: Ticker must be 1-10 characters[/red]")
            continue

        # Check for path traversal attempts
        if '..' in ticker or '/' in ticker or '\\' in ticker:
            console.print("[red]Error: Invalid characters in ticker symbol[/red]")
            continue

        # Validate characters (alphanumeric, dots, hyphens only)
        if not all(c.isalnum() or c in '.-' for c in ticker):
            console.print("[red]Error: Ticker can only contain letters, numbers, dots, and hyphens[/red]")
            continue

        return ticker.upper()  # Return normalized uppercase ticker



def get_analysis_date():
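
Review bot: The character check `c.isalnum() or c in '.-'` in `get_ticker()` is Unicode-aware, so it accepts non-ASCII letters and digits, and because `ticker.upper()` runs after the length check, a character such as `ß` (which uppercases to `SS`) lets the returned value exceed the 10-character limit. The checks also pass a lone `.` or a string made only of dots and hyphens such as `-.-`, which matters if the ticker is later used as a path component, as the "path traversal" comment implies. Consider matching the raw input against a single ASCII allowlist that requires an alphanumeric first character, for example `re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9.-]{0,9}", ticker)`, keeping the `'..' in ticker` rejection and calling `.upper()` only afterwards; with that allowlist the separate `/` and `\` tests become redundant.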