harden shell escaping, path traversal, and prompt injection defenses#248

Merged
JeremyDev87 merged 1 commit into main from security/harden-input-sanitization
Feb 17, 2026
Conversation

@JeremyDev87 (Owner)
Summary

  • Shell escaping: Add 8 missing metacharacters (;, |, &, (, ), <, >, #) to escapeForShellArg() to prevent command injection via issue labels/author fields
  • Path traversal: Add ensureSafePath() function validating config_path, system_prompt_path, rules_path inputs stay within workspace directory
  • Prompt injection: Add cross-tag delimiter escaping so wrapUserContent also escapes <repository-configuration> tags and vice versa, preventing trust zone breakout
  • Temp file predictability: Replace Date.now() with crypto.randomUUID() for non-guessable temp filenames
  • Config-derived path validation: Validate rules_path from config file (not just action inputs) before loading

Test plan

  • 49 sanitize tests pass (8 new metacharacter tests, 7 ensureSafePath tests, 2 cross-tag tests)
  • All 443 tests pass
  • Lint + typecheck + build all pass

…nses

- Add 8 shell metacharacters to escapeForShellArg (;|&()<>#)
- Add ensureSafePath() for path traversal prevention at input boundary
- Add cross-tag delimiter escaping in wrapUserContent/wrapRepoConfiguration
- Use crypto.randomUUID() for non-predictable temp filenames
- Validate config-derived rules_path before loading
@JeremyDev87 JeremyDev87 self-assigned this Feb 17, 2026
@JeremyDev87 JeremyDev87 changed the title from "fix: harden shell escaping, path traversal, and prompt injection defenses" to "harden shell escaping, path traversal, and prompt injection defenses" Feb 17, 2026
@JeremyDev87 JeremyDev87 merged commit 044e065 into main Feb 17, 2026
13 checks passed
@JeremyDev87 JeremyDev87 deleted the security/harden-input-sanitization branch February 17, 2026 02:43