🛡️ Sentinel: [HIGH] Fix sensitive data leakage in publish flow and regex injection#110
…ection
- Replace broken custom ignore logic with shutil.ignore_patterns
- Expand DEFAULT_IGNORE_PATTERNS to include secrets and api_keys
- Use \Z anchor in skill name validation to prevent newline injection
- Add security regression tests for publish flow

Co-authored-by: renatocaliari <1719651+renatocaliari@users.noreply.github.com>
Code Review
This pull request addresses security vulnerabilities by updating skill name validation regex patterns to use \Z instead of $ to prevent trailing newline bypasses, and replacing a custom, error-prone file exclusion function with standard shutil.ignore_patterns to ensure sensitive files are correctly ignored during publishing. Additionally, new security tests were added. The reviewer recommended expanding the list of ignored patterns to exclude common directories and files like virtual environments, Python bytecode caches, IDE configurations, and OS metadata to prevent leaking local configuration or bloating the repository.
```python
    '*.secret', '*.token', 'secrets', 'credentials',
    'tokens', 'api_keys', 'mcp-secrets',
```
While the added ignore patterns for secrets and credentials are a great security improvement, there are several other common directories and files that can leak sensitive local configuration, environment details, or unnecessary build/cache artifacts.

Specifically, it is highly recommended to exclude:

- Virtual Environments (`.venv`, `venv`): Can contain local binaries, scripts, and configuration files that might leak sensitive paths or credentials, and they significantly bloat the published repository.
- Python Bytecode Cache (`__pycache__`, `*.pyc`): Unnecessary compiled files that shouldn't be published.
- IDE/Editor Configurations (`.vscode`, `.idea`): Often contain local workspace settings, task definitions, or launch configurations that might leak local paths or environment variables.
- OS Metadata (`.DS_Store`): macOS system files that are unnecessary and clutter the repository.

```python
    '*.secret', '*.token', 'secrets', 'credentials',
    'tokens', 'api_keys', 'mcp-secrets',
    '.venv', 'venv', '__pycache__', '*.pyc',
    '.vscode', '.idea', '.DS_Store',
```
🚨 Severity: HIGH

💡 Vulnerability:
- The `publish` process allowed sensitive directories (e.g., `sessions/`) and files (e.g., `models.json`) to be copied to the public share repository.
- Skill name validation used the `$` anchor, allowing trailing newlines which could potentially be used for path traversal or other bypasses.

🎯 Impact: Sensitive user data, including sessions and local configurations, could be leaked when sharing skills or agents publicly. Newline injection could bypass security checks.

🔧 Fix:
- Replaced `_ignore_func` with `shutil.ignore_patterns` in `git_publish.py` and expanded the list of default ignore patterns.
- Used the `\Z` anchor for strict end-of-string matching in `local_source.py` and `external_source.py`.

✅ Verification:
- Added security regression tests in `tests/test_publish_security.py`.

PR created automatically by Jules for task 11762915296613967833 started by @renatocaliari
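The two fixes above are easy to reproduce in isolation. The following is an added example, not code from this PR or from the project: it shows why a `$`-anchored name regex accepts a trailing newline while `\Z` rejects it, and how `shutil.ignore_patterns` keeps directories such as `sessions/` and files such as `models.json` out of a copied skill tree. The function names, the regex character class and the sample skill layout are assumptions; the ignore list is constructed from the names this PR mentions and is not the project's actual `DEFAULT_IGNORE_PATTERNS`.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Hypothetical name regexes; the character class is an assumption, only the anchor matters here.
# '$' also matches just before a final '\n', so "my-skill\n" passes the pre-fix pattern.
DOLLAR_ANCHORED = re.compile(r"^[a-z0-9][a-z0-9_-]*$")
# '\Z' matches only at the true end of the string, so a trailing newline is rejected.
STRICT_ANCHORED = re.compile(r"^[a-z0-9][a-z0-9_-]*\Z")


def is_valid_skill_name(name: str, strict: bool = True) -> bool:
    """Return True if the name matches; strict=False reproduces the '$' anchor bug."""
    pattern = STRICT_ANCHORED if strict else DOLLAR_ANCHORED
    # re.match (not fullmatch) is used on purpose: fullmatch would hide the '$' weakness.
    return pattern.match(name) is not None


# Constructed ignore list built from the names mentioned in this PR (not the project's real list).
DEFAULT_IGNORE_PATTERNS = (
    "sessions", "models.json",
    "*.secret", "*.token", "secrets", "credentials",
    "tokens", "api_keys", "mcp-secrets",
)


def publish_copy(src: Path, dst: Path, patterns=DEFAULT_IGNORE_PATTERNS) -> list[str]:
    """Copy src to dst, skipping anything whose basename matches an ignore pattern.

    shutil.ignore_patterns matches each entry's basename with fnmatch, so a bare
    directory name like 'sessions' prunes the whole subtree and '*.secret' catches
    secret files at any depth. Returns the relative paths that were actually copied.
    """
    shutil.copytree(src, dst, ignore=shutil.ignore_patterns(*patterns))
    return sorted(str(p.relative_to(dst)) for p in dst.rglob("*") if p.is_file())


def build_sample_skill(root: Path) -> Path:
    """Create a constructed skill directory mixing publishable and sensitive files."""
    src = root / "skill"
    files = {
        "SKILL.md": "# demo skill\n",
        "tool.py": "print('hello')\n",
        "models.json": '{"api_key": "constructed-placeholder"}\n',
        "sessions/2024-01-01.log": "user transcript (constructed)\n",
        "api_keys/prod.key": "constructed-placeholder\n",
        "notes.secret": "constructed-placeholder\n",
    }
    for rel, body in files.items():
        path = src / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    return src


def demo_publish() -> list[str]:
    """Run the copy in a temp dir and return what would have reached the public repo."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        return publish_copy(build_sample_skill(root), root / "published")


if __name__ == "__main__":
    print("strict  'my-skill\\n' ->", is_valid_skill_name("my-skill\n"))
    print("legacy  'my-skill\\n' ->", is_valid_skill_name("my-skill\n", strict=False))
    print("published files:", demo_publish())
```

Running it shows the legacy pattern accepting `"my-skill\n"` and the strict one rejecting it, and only `SKILL.md` and `tool.py` surviving the copy. A regression test for the publish flow can assert on exactly that returned list rather than on the presence of any single file.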