APEX/BrowserUse_and_ComputerUse_skills
5
0
Fork 0
Code Issues 6 Pull requests 1 Projects 1 Releases Packages Wiki Activity Actions

fix(security): prevent shell injection in _expand_path via ~user path suffix (#2047)

Browse source 
echo was called with the full unquoted path (~username/suffix), allowing
command substitution in the suffix (e.g. ~user/$(malicious)) to execute
arbitrary shell commands. The fix expands only the validated ~username
portion via the shell and concatenates the suffix as a plain string.

Co-authored-by: Gutslabs <gutslabsxyz@gmail.com>
This commit is contained in:
Teknium 2026-03-23 16:00:34 -07:00 committed by GitHub
parent f9c2565ab4
commit 73a88a02fe
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tools/file_operations.py
View file

@ -433,9 +433,13 @@ class ShellFileOperations(FileOperations):
slash_idx = rest.find('/') slash_idx = rest.find('/')
username = rest[:slash_idx] if slash_idx >= 0 else rest username = rest[:slash_idx] if slash_idx >= 0 else rest
if username and re.fullmatch(r'[a-zA-Z0-9._-]+', username): if username and re.fullmatch(r'[a-zA-Z0-9._-]+', username):
expand_result = self._exec(f"echo {path}") # Only expand ~username (not the full path) to avoid shell
# injection via path suffixes like "~user/$(malicious)".
expand_result = self._exec(f"echo ~{username}")
if expand_result.exit_code == 0 and expand_result.stdout.strip(): if expand_result.exit_code == 0 and expand_result.stdout.strip():
return expand_result.stdout.strip() user_home = expand_result.stdout.strip()
suffix = path[1 + len(username):] # e.g. "/rest/of/path"
return user_home + suffix
return path return path