Skip to content

🤖 fix: block shell injection via malicious branch names#2691

Open
ibetitsmike wants to merge 2 commits intomainfrom
mike/fix-shell-injection
Open

🤖 fix: block shell injection via malicious branch names#2691
ibetitsmike wants to merge 2 commits intomainfrom
mike/fix-shell-injection

Conversation

@ibetitsmike
Copy link
Contributor

@ibetitsmike ibetitsmike commented Feb 27, 2026

Summary

Fix shell command injection vulnerability where malicious branch names (e.g. $(id>/tmp/pwned)) could execute arbitrary commands when interpolated into shell command strings using double quotes.

Background

4 call sites bypassed the existing shellQuote() utility by using "${path}" (double quotes) in shell command strings. Bash expands $(...) inside double quotes, so any user-controlled string (branch name → workspace path → shell arg) could execute arbitrary commands with the user's full privileges.

Implementation

  • WorktreeManager.ts — Replaced shell-based execAsync("rm -rf ...") with execFileAsync("rm", ["-rf", path]) which uses spawn() with array args (no shell at all). Removed dead execAsync/getBashPath imports.
  • streamManager.ts — Replaced "${path}" with shellQuote(path) (single-quote wrapping, safe against expansion).
  • helpers.ts — Same shellQuote() fix for both plan migration and plan rename paths (5 interpolated values total).

Validation

  • New regression test in WorktreeManager.test.ts: creates a workspace with $(touch ...) in the branch name, force-deletes it, asserts the injected command was NOT executed.
  • make typecheck
  • make lint
  • Targeted test suites pass (WorktreeManager.test.ts, shell.test.ts)

Generated with mux • Model: anthropic:claude-opus-4-6 • Thinking: xhigh • Cost: $3.03

@ibetitsmike
Copy link
Contributor Author

ibetitsmike commented Feb 27, 2026

@codex review

chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Feb 27, 2026
View reviewed changes
Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c5a09060c9

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

@ibetitsmike
Copy link
Contributor Author

ibetitsmike commented Feb 27, 2026

@codex review

Addressed the Windows compatibility concern: restored execAsync + getBashPath() shell approach, now with shellQuote() instead of double quotes for injection prevention.

@chatgpt-codex-connector
Copy link

chatgpt-codex-connector bot commented Feb 27, 2026

Codex Review: Didn't find any major issues. 🎉

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ibetitsmike