didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

Harden git_gate.py shell rendering with shlex.quote and name validation #155

New Issue
Closed
opened 2026-06-02 22:30:42 -04:00 by didericis-claude · 0 comments
didericis-claude commented 2026-06-02 22:30:42 -04:00
Collaborator
Copy Link
Copy Source

Tracked from the medium-priority refactoring playbook in #154.

git_gate_render_entrypoint() passes GitEntry.Name and upstream_url into a POSIX shell script using single-quoted interpolation. GitEntry.Name is only validated for non-empty, so a name containing a single quote (e.g. o'reilly) will break the generated script and could allow injection into the entrypoint.

Work

  • Apply shlex.quote() to name and upstream_url before interpolation in git_gate_render_entrypoint() (and any other rendering functions that embed manifest-controlled values into shell).
  • Add a validation rule in GitEntry (or _from_object()) that rejects names containing characters unsafe for shell identifiers, or rely on shlex.quote() and document that names are quoted.
  • Add regression tests with pathological Name and Upstream values (single quotes, spaces, semicolons) to pin the fix.
Tracked from the medium-priority refactoring playbook in #154. `git_gate_render_entrypoint()` passes `GitEntry.Name` and `upstream_url` into a POSIX shell script using single-quoted interpolation. `GitEntry.Name` is only validated for non-empty, so a name containing a single quote (e.g. `o'reilly`) will break the generated script and could allow injection into the entrypoint. ## Work - Apply `shlex.quote()` to `name` and `upstream_url` before interpolation in `git_gate_render_entrypoint()` (and any other rendering functions that embed manifest-controlled values into shell). - Add a validation rule in `GitEntry` (or `_from_object()`) that rejects names containing characters unsafe for shell identifiers, or rely on `shlex.quote()` and document that names are quoted. - Add regression tests with pathological `Name` and `Upstream` values (single quotes, spaces, semicolons) to pin the fix.
didericis added the Kind/SecurityKind/Enhancement labels 2026-06-02 23:34:26 -04:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label Kind/Enhancement Kind/Security
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: didericis/bot-bottle#155
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?