fix(security): harden git_gate.py shell rendering with shlex.quote and name validation

Use shlex.quote() on name and upstream_url in git_gate_render_entrypoint() so special characters (single quotes, spaces, semicolons) cannot break or inject into the generated sh script. Add _GIT_NAME_RE validation in GitEntry.from_repos_entry() to restrict repo names to [A-Za-z0-9._-]+, making the manifest the first line of defence and shlex.quote() the belt-and-suspenders backstop. Closes #155
2026-06-03 04:40:21 +00:00
parent 8c9d4fbc46
commit cc0c952d0b
4 changed files with 104 additions and 11 deletions
@@ -29,6 +29,7 @@ backend-specific and lives on concrete subclasses (see

 from __future__ import annotations

+import shlex
 from abc import ABC, abstractmethod
 from dataclasses import dataclass
 from pathlib import Path
@@ -207,10 +208,7 @@ def git_gate_render_entrypoint(upstreams: tuple[GitGateUpstream, ...]) -> str:
        "mkdir -p /git",
    ]
    for u in upstreams:
-        # Single-quote args so URL/path content (containing : and /)
-        # passes through ash unmangled. Names came through the manifest
-        # validator so they don't contain a single quote.
-        lines.append(f"init_repo '{u.name}' '{u.upstream_url}'")
+        lines.append(f"init_repo {shlex.quote(u.name)} {shlex.quote(u.upstream_url)}")
    lines.extend([
        "",
        "exec git daemon \\",