From e7717e6067fb75e293fbb2dec0eda95ebee84e76 Mon Sep 17 00:00:00 2001 From: Arsh Verma Date: Thu, 21 May 2026 13:43:49 +0530 Subject: [PATCH] Potential fix for code scanning alert no. 22: Uncontrolled command line Co-authored-by: Arsh Verma Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .../app/services/local_git_service.py | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/sentinelops-backend/app/services/local_git_service.py b/sentinelops-backend/app/services/local_git_service.py index 6c9a40e..ef9fb4e 100644 --- a/sentinelops-backend/app/services/local_git_service.py +++ b/sentinelops-backend/app/services/local_git_service.py @@ -157,12 +157,17 @@ def _run_git(self, repo_path: str, args: List[str]) -> str: return "" args_key = tuple(args) - if ( - args_key not in self._ALLOWED_GIT_ARGS - and not (len(args) >= 3 and args[0] == "commit" and args[1] == "-m") - ): + is_commit_with_message = len(args) == 3 and args[0] == "commit" and args[1] == "-m" + if args_key not in self._ALLOWED_GIT_ARGS and not is_commit_with_message: logger.warning(f"Blocked git cmd with disallowed args in {repo_path_str}: {args}") return "" + if is_commit_with_message: + safe_commit_message = self._sanitize_commit_message(args[2]) + if not safe_commit_message or safe_commit_message != args[2]: + logger.warning( + f"Blocked git cmd with invalid commit message in {repo_path_str}" + ) + return "" try: result = subprocess.run( @@ -509,6 +514,9 @@ def _sanitize_commit_message(self, message: str) -> str: return "" if "\x00" in cleaned or "\n" in cleaned or "\r" in cleaned: return "" + # Prevent option-like values from being interpreted as git flags. + if cleaned.startswith("-"): + return "" if len(cleaned) > 512: return "" return cleaned