Vault secret escaping does not cover single quotes or backticks

[umag]

Summary

The vault secret escaping in model_resolver.ts (lines 775-780) covers double quotes, backslashes, and whitespace characters, but does not escape single quotes (') or backticks (`). The vault.get regex at line 758 accepts all three quote styles as argument delimiters. While the double-quote wrapping at line 783 mitigates the single-quote case for CEL evaluation, this is an incomplete defense-in-depth.

Affected Code

model_resolver.ts lines 775-780:

const escapedValue = secretValue
  .replace(/\\/g, "\\\\")
  .replace(/"/g, '\\"')
  .replace(/\n/g, "\\n")
  .replace(/\r/g, "\\r")
  .replace(/\t/g, "\\t");
// Missing: no .replace for ' or `

Line 758 — regex accepts ', ", and ` as quote delimiters:

/vault\.get\(\s*(['"`]?)([^'"`\s,]+)\1\s*,\s*(['"`]?)([^'"`\s,]+)\3\s*\)/g

Steps to Reproduce

A secret value like p@ss'w0rd or value`with`backticks passes through escaping unchanged. While currently mitigated by the "${escapedValue}" wrapping, future changes to the quoting strategy could expose this gap.

Expected Behavior

All quote characters accepted by the vault.get regex should be escaped in secret values for defense-in-depth.

Fix Approach

Add .replace(/'/g, "\\'") and .replace(//g, "\") to the escape chain.

[github-actions]

Hi @umag, thanks for opening this issue!

We appreciate you taking the time to report it. A maintainer will review it as soon as possible.

In the meantime, please make sure you've included all relevant details (steps to reproduce, expected vs actual behaviour, swamp version, etc.) to help us triage it quickly.

[stack72]

Thanks for the detailed write-up @umag!

After reviewing the code, this is a low severity concern rather than an active vulnerability. Here's why:

The escaping at lines 775-780 is followed by wrapping the value in double quotes ("${escapedValue}"). In CEL, inside a double-quoted string, single quotes (') and backticks (`) are ordinary literal characters with no special meaning — they cannot break out of the string or inject CEL expressions. So a secret like p@ss'w0rd correctly becomes "p@ss'w0rd" in CEL, which is a valid string literal.

Your framing of this as "incomplete defense-in-depth" is accurate. The risk is future-facing: if the wrapping strategy were ever changed (e.g., to single quotes or template literals), the escaping logic would silently become insufficient. Adding the two extra .replace() calls would make the escaping self-contained and robust to that kind of change.

We'll look at adding those escapes as a low-priority cleanup. Thanks again for taking the time to investigate and report this!

[stack72]

Fix Plan

The vault.get() regex in model_resolver.ts accepts single quotes, double quotes, and backticks as argument delimiters, but the escaping logic only handles double quotes (plus backslashes and whitespace characters). While the current double-quote wrapping ("${escapedValue}") means single quotes and backticks can't break out of the string in CEL today, adding escapes for these characters provides defense-in-depth against future quoting strategy changes.

1. Add escape replacements in model_resolver.ts

File: src/domain/expressions/model_resolver.ts (~line 780)

Add two .replace() calls to the escape chain, after the double-quote escape:

const escapedValue = secretValue
  .replace(/\\/g, "\\\\")
  .replace(/"/g, '\\"')
  .replace(/'/g, "\\'")        // NEW
  .replace(/`/g, "\\`")        // NEW
  .replace(/\n/g, "\\n")
  .replace(/\r/g, "\\r")
  .replace(/\t/g, "\\t");

2. Add test cases in vault_expression_test.ts

File: src/domain/vaults/vault_expression_test.ts

Add two new test cases following the existing pattern:

• Single quotes in secret value: e.g. p@ss'w0rd → "p@ss\'w0rd"
• Backticks in secret value: e.g. value`with`backticks → "value\`with\`backticks"

Verification

1. deno check — type checking
2. deno lint — linting
3. deno fmt — formatting
4. deno run test — full test suite