From 36bcf20588ab918c06b4f12947091d8313cbd725 Mon Sep 17 00:00:00 2001 From: Necip Sunmaz Date: Mon, 9 Mar 2026 06:46:49 +0300 Subject: [PATCH] fix: address code review findings from cubic-dev-ai - Fix path traversal regex prefix confusion in perl-security skill - Revert v1.4.0 changelog entry (Perl not part of that release) - Rename $a/$b to $x/$y to avoid shadowing sort globals - Replace return undef with bare return per perlcritic rules --- README.md | 2 +- skills/perl-patterns/SKILL.md | 8 ++++---- skills/perl-security/SKILL.md | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 2e5c7d19..bed8a0d3 100644 --- a/README.md +++ b/README.md @@ -110,7 +110,7 @@ This repo is the raw code only. The guides explain everything. - **Interactive installation wizard** — New `configure-ecc` skill provides guided setup with merge/overwrite detection - **PM2 & multi-agent orchestration** — 6 new commands (`/pm2`, `/multi-plan`, `/multi-execute`, `/multi-backend`, `/multi-frontend`, `/multi-workflow`) for managing complex multi-service workflows -- **Multi-language rules architecture** — Rules restructured from flat files into `common/` + `typescript/` + `python/` + `golang/` + `perl/` directories. Install only the languages you need +- **Multi-language rules architecture** — Rules restructured from flat files into `common/` + `typescript/` + `python/` + `golang/` directories. Install only the languages you need - **Chinese (zh-CN) translations** — Complete translation of all agents, commands, skills, and rules (80+ files) - **GitHub Sponsors support** — Sponsor the project via GitHub Sponsors - **Enhanced CONTRIBUTING.md** — Detailed PR templates for each contribution type diff --git a/skills/perl-patterns/SKILL.md b/skills/perl-patterns/SKILL.md index eafd245c..c6ad5031 100644 --- a/skills/perl-patterns/SKILL.md +++ b/skills/perl-patterns/SKILL.md @@ -157,14 +157,14 @@ sub fetch_user($id) { ```perl use v5.40; -sub divide($a, $b) { +sub divide($x, $y) { try { - die "Division by zero" if $b == 0; - return $a / $b; + die "Division by zero" if $y == 0; + return $x / $y; } catch ($e) { warn "Error: $e"; - return undef; + return; } } ``` diff --git a/skills/perl-security/SKILL.md b/skills/perl-security/SKILL.md index 113ff5bb..1dce40ec 100644 --- a/skills/perl-security/SKILL.md +++ b/skills/perl-security/SKILL.md @@ -197,7 +197,7 @@ sub safe_path($base_dir, $user_path) { // die "Path does not exist\n"; my $base_real = realpath($base_dir) // die "Base dir does not exist\n"; - die "Path traversal blocked\n" unless $real =~ /^\Q$base_real\E/; + die "Path traversal blocked\n" unless $real =~ /^\Q$base_real\E\//; return $real; } ```