fix(security): remove shell injection surface and block directory traversal#47
Merged
stackbilt-admin merged 1 commit intomainfrom Mar 9, 2026
Merged
Conversation
…versal Closes #43: Remove shell: true from runGit() in git-helpers.ts. Node.js resolves the git binary via PATH directly without a shell on WSL, Linux, macOS, and Windows. shell: true is unnecessary and allows shell metacharacters in args to be interpreted as shell syntax. Closes #42: Validate module paths in adf create before path.join. Paths containing ".." or absolute paths are rejected with a clear error. A secondary resolved-path check confirms the final path stays within the .ai/ directory, guarding against platform-specific bypass patterns. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two targeted security fixes with no functional behavior change for valid inputs.
shell: true in git operations creates command injection vector #43 —
shell: truein git operations (HIGH): Removedshell: truefromrunGit()ingit-helpers.ts. Node.js resolves thegitbinary via PATH directly on WSL, Linux, macOS, and Windows without needing a shell. The flag was a historical cross-platform workaround that is no longer necessary and creates a surface where shell metacharacters in args could be interpreted as shell syntax.Directory traversal vulnerability in ADF module path construction #42 — Directory traversal in
adf create(HIGH): User-supplied module names are now validated beforepath.join. Paths containing..or absolute paths are rejected immediately. A secondary resolved-path check confirms the final path stays withinaiDir, guarding against platform-specific bypass patterns (e.g. URL-encoded separators).Test plan
charter adf create ../../../etc/passwd→ rejected with clear errorcharter adf create /absolute/path→ rejected with clear errorcharter adf create my-module→ works as beforecharter adf create subdir/my-module→ works as beforerunGit()still resolves git correctly on WSL (PATH-based resolution)🤖 Generated with Claude Code