[Guitar Tools] Add audio device selection for external audio interfaces #24280
+206
−6
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
raycastbot
added
extension fix / improvement
Collaborator
|
Thank you for your first contribution! 🎉 🔔 @narghev you might want to have a look. You can use this guide to learn how to check out the Pull Request locally in order to test it. 📋 Quick checkout commandsBRANCH="main"
FORK_URL="https://github.com/4fun50/extensions.git"
EXTENSION_NAME="guitar-tools"
REPO_NAME="extensions"
git clone -n --depth=1 --filter=tree:0 -b $BRANCH $FORK_URL
cd $REPO_NAME
git sparse-checkout set --no-cone "extensions/$EXTENSION_NAME"
git checkout
cd "extensions/$EXTENSION_NAME"
npm install && npm run devDue to our current reduced availability, the initial review may take up to 10-15 business days. |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Greptile Overview
Greptile Summary
This PR adds audio device selection functionality to the Guitar Tools extension, allowing users to choose their preferred audio input device (particularly useful for external audio interfaces).
Key changes:
- New "List Audio Devices" command that parses
system_profileroutput to display available audio input devices - LocalStorage-based persistence for selected device preference
- Modified tuner to use selected device via Sox's CoreAudio interface
Critical issue found:
- Shell injection vulnerability in
note.utils.tsline 67 where device name is interpolated into shell command without proper escaping
Minor issues:
- CHANGELOG has duplicate headers and inconsistent dates
- React key using array index instead of unique identifier
Confidence Score: 2/5
- This PR has a critical security vulnerability that must be fixed before merging
- Score reflects the shell injection vulnerability in note.utils.ts where the audio device name is inserted into a shell command without proper escaping. This could allow command injection if a device name contains shell metacharacters. The rest of the implementation is sound.
- Pay critical attention to
extensions/guitar-tools/src/utils/note.utils.ts- the shell command construction needs proper escaping
Important Files Changed
File Analysis
| Filename | Score | Overview |
|---|---|---|
| extensions/guitar-tools/src/utils/note.utils.ts | 2/5 | Added audio device selection with shell injection vulnerability in command construction (line 67) |
| extensions/guitar-tools/src/list-audio-devices.tsx | 4/5 | New command to list and select audio devices, uses array index as React key which should be unique ID |
| extensions/guitar-tools/CHANGELOG.md | 4/5 | Updated with new features, has duplicate headers and date inconsistencies |
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
0xdhrv
reviewed
Jan 8, 2026
Contributor
|
Hi 👋 Thanks for your contribution 💪 I have now tested your extension, and I have some feedback ready for you:
I'm looking forward to testing this extension again 🔥 I converted this PR into a draft until it's ready for the review, please press the button Feel free to contact me here or at Slack if you have any questions. |
Remove duplicate headers and fix date inconsistencies
Fix shell injection vulnerability in audio device selection
0xdhrv
reviewed
Jan 8, 2026
Co-authored-by: Dhruv Suthar <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR adds the ability to select a preferred audio input device for the Guitar Tools tuner, which is particularly useful for guitarists using external audio interfaces or sound cards to connect their instruments.
Changes
How to use
Testing
Tested successfully with:
Screenshots
(Optional: you can add screenshots later if needed)