Skip to content

🛡️ Sentinel: [HIGH] Fix sensitive data leakage and newline injection#105

Open
calionauta wants to merge 1 commit into
mainfrom
sentinel/remediate-high-vulns-15471328734046121590
Open

🛡️ Sentinel: [HIGH] Fix sensitive data leakage and newline injection#105
calionauta wants to merge 1 commit into
mainfrom
sentinel/remediate-high-vulns-15471328734046121590

Conversation

@calionauta

Copy link
Copy Markdown
Owner

🚨 Severity: HIGH
💡 Vulnerability:

  1. Broken file exclusion logic in the publish flow allowed sensitive data (like sessions directories and models.json) to be published to public repositories.
  2. Regex newline injection vulnerability in skill name validation ($ instead of \Z).

🎯 Impact:

  1. Potential exposure of private agent sessions, API keys, and credentials if they are present in the synced directories during a share run (publish) operation.
  2. Potential argument injection if validated skill names are passed to shell commands.

🔧 Fix:

  1. Refactored _ignore_func in src/agent_sync/publish/git_publish.py to use fnmatch.fnmatch for robust pattern matching.
  2. Updated _is_valid_skill_name in src/agent_sync/publish/local_source.py and src/agent_sync/publish/external_source.py to use the \Z anchor.

✅ Verification:

  1. Created tests/test_security_remediation.py which includes:
    • Unit tests for the fixed _ignore_func.
    • Unit tests for the fixed regex patterns.
    • Integration test verifying shutil.copytree correctly excludes sensitive files in destination.
  2. Ran existing tests/test_security.py and tests/test_publish_git.py to ensure no regressions. All 22 tests passed.

PR created automatically by Jules for task 15471328734046121590 started by @renatocaliari

- Refactor `_ignore_func` to use `fnmatch` for robust sensitive file filtering in publish flow.
- Fix regex newline injection by replacing `$` with `\Z` in skill name validation.
- Add security regression tests in `tests/test_security_remediation.py`.

Co-authored-by: renatocaliari <1719651+renatocaliari@users.noreply.github.com>
@google-labs-jules

Copy link
Copy Markdown
Contributor

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request addresses security vulnerabilities by updating skill name validation regexes in both local and external sources to use '\Z' instead of '$', preventing trailing newline bypasses. It also refactors the file exclusion logic in 'git_publish.py' to use the standard 'fnmatch' library for more robust pattern matching, and adds corresponding unit and integration tests. The feedback suggests moving the 'fnmatch' import to the top of the file for cleaner, more idiomatic code.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.


def _ignore_func(*patterns):
"""Create a callable that returns a list of filenames to ignore."""
import fnmatch

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

medium

While local imports are sometimes used in this codebase to prevent circular dependencies, fnmatch is a standard library module and does not present any circular import risks. It is cleaner and more idiomatic to place this import at the top of the file with the other standard library imports.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant