didericis/bot-bottle
1
0
Fork 0
Code Issues 7 Pull Requests 15 Actions Packages Projects Releases Wiki Activity

Add regression tests for shell escaping with malicious Name/Upstream values #159

New Issue
Closed
opened 2026-06-02 22:30:43 -04:00 by didericis-claude · 0 comments
didericis-claude commented 2026-06-02 22:30:43 -04:00
Collaborator
Copy Link
Copy Source

Tracked from the medium-priority refactoring playbook in #154.

The git-gate shell rendering functions (git_gate_render_entrypoint, git_gate_render_hook, git_gate_render_access_hook) embed manifest-controlled values (GitEntry.Name, upstream_url) into generated POSIX shell scripts. There are currently no tests that exercise pathological values, so regressions in escaping would go undetected.

Work

  • Add unit tests for each rendering function that pass GitEntry objects with names/upstreams containing: single quotes, double quotes, spaces, semicolons, newlines, and backticks.
  • Assert the rendered output is syntactically valid shell (e.g. parse with bash -n or sh -n in a subprocess) and that the embedded values are correctly quoted/escaped.
  • These tests should be added alongside or after the shlex.quote hardening in the related issue.
Tracked from the medium-priority refactoring playbook in #154. The git-gate shell rendering functions (`git_gate_render_entrypoint`, `git_gate_render_hook`, `git_gate_render_access_hook`) embed manifest-controlled values (`GitEntry.Name`, `upstream_url`) into generated POSIX shell scripts. There are currently no tests that exercise pathological values, so regressions in escaping would go undetected. ## Work - Add unit tests for each rendering function that pass `GitEntry` objects with names/upstreams containing: single quotes, double quotes, spaces, semicolons, newlines, and backticks. - Assert the rendered output is syntactically valid shell (e.g. parse with `bash -n` or `sh -n` in a subprocess) and that the embedded values are correctly quoted/escaped. - These tests should be added alongside or after the `shlex.quote` hardening in the related issue.
didericis added the Kind/EnhancementKind/Security labels 2026-06-02 23:32:38 -04:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Compat/Breaking
Breaking change that won't be backward compatible
 Kind/Bug
Something is not working
 Kind/Documentation
Documentation changes
 Kind/Enhancement
Improve existing functionality
 Kind/Feature
New functionality
 Kind/Security
This is security issue
 Kind/Testing
Issue or pull request related to testing
Priority
Critical
1
The priority is critical
Priority
High
2
The priority is high
Priority
Low
4
The priority is low
Priority
Medium
3
The priority is medium
Reviewed
Confirmed
1
Issue has been confirmed
Reviewed
Duplicate
2
This issue or pull request already exists
Reviewed
Invalid
3
Invalid issue
Reviewed
Won't Fix
3
This issue won't be fixed
Status
Abandoned
3
Somebody has started to work on this but abandoned work
Status
Blocked
1
Something is blocking this issue or pull request
Status
Need More Info
2
Feedback is required to reproduce issue or to continue work
No Label Kind/Enhancement Kind/Security
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
didericis-claude (didericis (claude)) didericis-codex (didericis (codex)) didericis-gemma (gemma) didericis
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: didericis/bot-bottle#159
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?