fix: harden security-sensitive execution paths #335

Merged: jackwener merged 3 commits into main from fix/security-review-2026-03-24 on Mar 24, 2026

jackwener commented Mar 24, 2026

Summary

  • remove unsafe unknown-command auto-registration so external binaries require explicit opencli register
  • cap HTTP redirect depth and cover redirect-loop regressions
  • fall back to filesystem discovery when cli-manifest.json exists but is invalid
  • move template fallback expression evaluation into a locked-down node:vm sandbox
  • extend install-command security tests for command substitution / multiline input rejection

Validation

  • npm run typecheck
  • npx vitest run src/external.test.ts src/download/index.test.ts src/engine.test.ts src/pipeline/template.test.ts
  • npm run build

jackwener changed the title from "fix(security): harden against command injection and sandbox escape" to "fix: harden security-sensitive execution paths" on Mar 24, 2026
jackwener and others added 3 commits March 24, 2026 11:28
1. cli.ts: Remove auto-discover of arbitrary system binaries via denylist.
   Unknown commands now require explicit registration via `opencli register`.
   The previous denylist approach was trivially bypassable (bash, curl, etc.).

2. template.ts: Protect evalJsExpr against prototype chain escape.
   Block expressions containing constructor/prototype/__proto__/process/etc.
   Deep-copy context objects to sever prototype chains before passing to
   new Function().

3. external.ts: Expand shell operator detection in parseCommand to cover
   $(), $, #, \n, \r — preventing command substitution and comment injection.

4. fetch.ts: Use JSON.stringify for HTTP method in browser evaluate() instead
   of raw string interpolation, preventing JS injection via crafted method values.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
jackwener force-pushed the fix/security-review-2026-03-24 branch from 41f7431 to a0c8a45 on March 24, 2026 03:28
jackwener merged commit 53699eb into main on Mar 24, 2026
jackwener deleted the fix/security-review-2026-03-24 branch on March 24, 2026 03:28
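
An added example, not code from this PR or from opencli, illustrating item 4 of the commit message: interpolating the HTTP method raw into a script string versus emitting it with `JSON.stringify`. The names `buildFetchScriptUnsafe`, `buildFetchScriptSafe`, `normalizeMethod` and `runInStubPage` are hypothetical, the method allowlist is an extra assumption the page does not mention, and a stub `fetch` stands in for the browser page.

```javascript
// Added example: hypothetical helpers, not opencli's fetch.ts.
// Each builder returns the source text that would be passed to evaluate().

// BEFORE: method is pasted between quotes, so a quote in it ends the literal.
function buildFetchScriptUnsafe(url, method) {
  return `return fetch(${JSON.stringify(url)}, { method: "${method}" });`;
}

// AFTER: JSON.stringify emits one complete, escaped string literal.
function buildFetchScriptSafe(url, method) {
  return `return fetch(${JSON.stringify(url)}, { method: ${JSON.stringify(method)} });`;
}

// Assumption (not on the page): also allowlist the method before building.
const ALLOWED_METHODS = new Set(["GET", "HEAD", "POST", "PUT", "PATCH", "DELETE"]);
function normalizeMethod(method) {
  const m = String(method).toUpperCase();
  if (!ALLOWED_METHODS.has(m)) {
    throw new Error(`unsupported HTTP method: ${JSON.stringify(method)}`);
  }
  return m;
}

// Stand-in for the page: run the script with a stub fetch and record the call.
function runInStubPage(script) {
  const calls = [];
  const stubFetch = (url, init) => { calls.push({ url, init }); return null; };
  new Function("fetch", script)(stubFetch);
  return calls;
}

// Constructed input: a method value carrying a quote and an extra option.
const CRAFTED_METHOD = 'GET", credentials: "include';
const SAMPLE_URL = "https://example.test/api";

// Returns the option names the stub fetch actually received.
function initKeys(builder) {
  return Object.keys(runInStubPage(builder(SAMPLE_URL, CRAFTED_METHOD))[0].init);
}

console.log("unsafe init keys:", initKeys(buildFetchScriptUnsafe));
console.log("safe init keys:  ", initKeys(buildFetchScriptSafe));
```

With the raw interpolation the constructed value changes the shape of the options object; with `JSON.stringify` it arrives as a single string, which the allowlist then rejects.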