fix: validate --base-commit is a hex SHA (#122)

--base-commit now rejects non-hex strings and strings outside 7-64 character range. Matches the pattern used by --reasoning-effort. Generated with https://github.com/Yeachan-Heo/gajae-code Co-authored-by: Gajae Code <dev@gajae-code.com>
2026-06-05 22:17:10 +08:00 · 2026-06-05 06:21:24 +09:00
parent b94c49c323
commit 934bf2837a
2 changed files with 11 additions and 1 deletions
--- a/rust/crates/rusty-claude-cli/src/main.rs
+++ b/rust/crates/rusty-claude-cli/src/main.rs
@@ -1598,6 +1598,16 @@ fn parse_args(args: &[String]) -> Result<CliAction, String> {
                let value = args
                    .get(index + 1)
                    .ok_or_else(|| "missing_flag_value: missing value for --base-commit.\nUsage: --base-commit <git-sha>".to_string())?;
+                // #122: validate that base-commit looks like a git SHA (hex, 7-64 chars)
+                if value.len() < 7
+                    || value.len() > 64
+                    || !value.chars().all(|c| c.is_ascii_hexdigit())
+                {
+                    return Err(format!(
+                        "invalid_flag_value: --base-commit expects a hex SHA (7-64 chars), got '{}'.\nUsage: --base-commit <git-sha>",
+                        value
+                    ));
+                }
                base_commit = Some(value.clone());
                index += 2;
            }