
🔒 Fix missing end-of-options indicator in grep command #38

Open
savvides wants to merge 1 commit into main from security/grep-end-of-options-10522436323216790778

Conversation

@savvides (Owner) commented Jun 6, 2026

🎯 What: The vulnerability fixed
In bin/idstack-learnings-search, grep commands were executing with user-supplied search variables ($KEYWORD, $TYPE) without the end-of-options indicator (--).

⚠️ Risk: The potential impact if left unfixed
Variables starting with a hyphen (-) are interpreted by grep as command-line options instead of search patterns. This can lead to unexpected errors, option injection vulnerabilities, or denial of service when users input certain search terms (like -e).

🛡️ Solution: How the fix addresses the vulnerability
Added the -- indicator before the variables in the grep commands. This ensures that any subsequent string, even if it starts with a hyphen, is treated as a pattern or file name, not an option. Also updated deprecated tail -"$LIMIT" to the standard tail -n "$LIMIT".


PR created automatically by Jules for task 10522436323216790778 started by @savvides

Co-authored-by: savvides <1580637+savvides@users.noreply.github.com>
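An added example, not part of this PR or the repository's bin/idstack-learnings-search script, showing the behaviour the description refers to: a user-supplied keyword that begins with a hyphen is consumed by grep as an option unless `--` ends option parsing first. The sample file, the function names (`search_unsafe`, `search_safe`, `search_type`, `count_matches`) and the sample lines are constructed for this illustration; the `-F` flag goes one step beyond the PR by also treating the keyword as a literal string rather than a regular expression.

```shell
#!/bin/sh
# Added example, not the repository's bin/idstack-learnings-search.
# Demonstrates the option-injection issue the PR fixes: a keyword such as
# "-e" is parsed by grep as an option unless "--" ends option parsing first.

# Constructed sample data standing in for the script's $SOURCES files.
SAMPLE_DIR=$(mktemp -d)
SAMPLE_FILE="$SAMPLE_DIR/learnings.jsonl"
cat > "$SAMPLE_FILE" <<'EOF'
{"type":"note","text":"use -e with grep carefully"}
{"type":"bug","text":"tail -5 is deprecated"}
{"type":"note","text":"always pass -- before user input"}
EOF

# Before the fix: the keyword is placed where grep still reads options.
# For "-e" grep takes the file name as the pattern and then reads stdin,
# so stdin is redirected from /dev/null to keep the example from hanging.
search_unsafe() {
    grep -i "$1" "$SAMPLE_FILE" </dev/null 2>/dev/null
}

# After the fix: "--" ends option parsing, so "$1" is always a pattern.
# -F (an addition beyond the PR) also makes it a literal string, so
# regex metacharacters in user input cannot widen the match.
search_safe() {
    grep -i -F -- "$1" "$SAMPLE_FILE" </dev/null 2>/dev/null
}

# Type lookup, mirroring the script's "\"type\":\"$TYPE\"" pattern with
# the same hardening applied.
search_type() {
    grep -F -- "\"type\":\"$1\"" "$SAMPLE_FILE" </dev/null 2>/dev/null
}

# Count matching lines for a keyword using the given search function
# (the tr strips the leading spaces BSD wc prints).
count_matches() {
    "$1" "$2" | wc -l | tr -d ' '
}

# Side-by-side comparison when the file is executed directly.
echo "unsafe '-e'  : $(count_matches search_unsafe '-e') match(es)"
echo "safe   '-e'  : $(count_matches search_safe '-e') match(es)"
echo "type   'note': $(count_matches search_type 'note') match(es)"
echo "type   'no.e': $(count_matches search_type 'no.e') match(es)"
```

The unsafe variant returns nothing for `-e` (grep silently searched the wrong thing), the hardened variant finds the one line that literally contains `-e`, and `no.e` matches nothing under `-F` where an unanchored regex would have matched `note`. The constructed file is left under `$SAMPLE_DIR` for inspection.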
@google-labs-jules


👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

@gemini-code-assist (Bot) left a comment

Code Review

This pull request updates the bin/idstack-learnings-search script to use standard tail -n syntax and adds -- to grep commands to prevent arguments from being interpreted as options. The feedback suggests refactoring the script to eliminate duplicated fallback logic by using a flag variable, which would improve maintainability.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment on lines 72 to 90
" 2>/dev/null || {
# Fallback: basic grep
if [ -n "$KEYWORD" ]; then
cat $SOURCES 2>/dev/null | grep -i "$KEYWORD" | tail -"$LIMIT"
cat $SOURCES 2>/dev/null | grep -i -- "$KEYWORD" | tail -n "$LIMIT"
elif [ -n "$TYPE" ]; then
cat $SOURCES 2>/dev/null | grep "\"type\":\"$TYPE\"" | tail -"$LIMIT"
cat $SOURCES 2>/dev/null | grep -- "\"type\":\"$TYPE\"" | tail -n "$LIMIT"
else
cat $SOURCES 2>/dev/null | tail -"$LIMIT"
cat $SOURCES 2>/dev/null | tail -n "$LIMIT"
fi
}
else
if [ -n "$KEYWORD" ]; then
cat $SOURCES 2>/dev/null | grep -i "$KEYWORD" | tail -"$LIMIT"
cat $SOURCES 2>/dev/null | grep -i -- "$KEYWORD" | tail -n "$LIMIT"
elif [ -n "$TYPE" ]; then
cat $SOURCES 2>/dev/null | grep "\"type\":\"$TYPE\"" | tail -"$LIMIT"
cat $SOURCES 2>/dev/null | grep -- "\"type\":\"$TYPE\"" | tail -n "$LIMIT"
else
cat $SOURCES 2>/dev/null | tail -"$LIMIT"
cat $SOURCES 2>/dev/null | tail -n "$LIMIT"
fi
fi
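Review bot: `--` ends option parsing but the pattern is still a basic regular expression, so on the `grep -i -- "$KEYWORD"` and `grep -- "\"type\":\"$TYPE\""` lines a `$KEYWORD` or `$TYPE` containing `.`, `*` or `[` still changes what matches (and an unbalanced `[` makes grep exit with an error); where literal matching is intended, add `-F`, e.g. `grep -i -F -- "$KEYWORD"`. Separately, `$SOURCES` is unquoted in every `cat $SOURCES` line, so any path containing whitespace is split; if it is meant to hold one path, quote it, and if it holds several, iterate over them or keep the word-splitting deliberate with a comment.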


medium

The fallback basic grep logic is duplicated across the Python execution failure block (lines 74-80) and the else block when Python is not available (lines 83-89). This duplication makes the script harder to maintain and prone to errors if the fallback logic needs to be updated in the future (as seen in this PR where changes had to be applied in both places).

We can eliminate this duplication by setting a flag RUN_FALLBACK=1 and executing the fallback logic once after the if-else block.

" 2>/dev/null || RUN_FALLBACK=1
else
  RUN_FALLBACK=1
fi

if [ "$RUN_FALLBACK" = "1" ]; then
  if [ -n "$KEYWORD" ]; then
    cat $SOURCES 2>/dev/null | grep -i -- "$KEYWORD" | tail -n "$LIMIT"
  elif [ -n "$TYPE" ]; then
    cat $SOURCES 2>/dev/null | grep -- "\"type\":\"$TYPE\"" | tail -n "$LIMIT"
  else
    cat $SOURCES 2>/dev/null | tail -n "$LIMIT"
  fi
fi
