From 02c76d3e8c4182d165ab67a6740a8f2f9ae4f864 Mon Sep 17 00:00:00 2001 From: Tyrone Robb Date: Wed, 18 Mar 2026 09:09:50 +0000 Subject: [PATCH] fix: harden gstack-slug against shell injection via eval MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Whitelist safe characters (a-zA-Z0-9._-) in SLUG and BRANCH output to prevent shell metacharacter injection when used with eval. Only affects self-hosted git servers with lax naming rules — GitHub and GitLab enforce safe characters already. Defense-in-depth. --- bin/gstack-slug | 6 ++++-- test/skill-validation.test.ts | 9 +++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/bin/gstack-slug b/bin/gstack-slug index 7336b7b4..14b8b8d0 100755 --- a/bin/gstack-slug +++ b/bin/gstack-slug @@ -3,7 +3,9 @@ # Usage: eval $(gstack-slug) → sets SLUG and BRANCH variables # Or: gstack-slug → prints SLUG=... and BRANCH=... lines set -euo pipefail -SLUG=$(git remote get-url origin 2>/dev/null | sed 's|.*[:/]\([^/]*/[^/]*\)\.git$|\1|;s|.*[:/]\([^/]*/[^/]*\)$|\1|' | tr '/' '-') -BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null | tr '/' '-') +# tr -cd strips any shell metacharacters (;$`|&! etc) from git-derived values +# to prevent injection via eval $(gstack-slug). See: #133 +SLUG=$(git remote get-url origin 2>/dev/null | sed 's|.*[:/]\([^/]*/[^/]*\)\.git$|\1|;s|.*[:/]\([^/]*/[^/]*\)$|\1|' | tr '/' '-' | tr -cd 'a-zA-Z0-9._-') +BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null | tr '/' '-' | tr -cd 'a-zA-Z0-9._-') echo "SLUG=$SLUG" echo "BRANCH=$BRANCH" diff --git a/test/skill-validation.test.ts b/test/skill-validation.test.ts index bd0e205b..072c78f2 100644 --- a/test/skill-validation.test.ts +++ b/test/skill-validation.test.ts @@ -793,6 +793,15 @@ describe('gstack-slug', () => { expect(lines[0]).toMatch(/^SLUG=.+/); expect(lines[1]).toMatch(/^BRANCH=.+/); }); + + test('output values contain only safe characters (no shell metacharacters)', () => { + const result = Bun.spawnSync([SLUG_BIN], { cwd: ROOT, stdout: 'pipe', stderr: 'pipe' }); + const slug = result.stdout.toString().match(/SLUG=(.*)/)?.[1] ?? ''; + const branch = result.stdout.toString().match(/BRANCH=(.*)/)?.[1] ?? ''; + // Only alphanumeric, dot, dash, underscore are allowed (#133) + expect(slug).toMatch(/^[a-zA-Z0-9._-]+$/); + expect(branch).toMatch(/^[a-zA-Z0-9._-]+$/); + }); }); // --- Test Bootstrap validation ---