core/go-scm
8
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions 2

[security] Fix command injection, path traversal in installer + marketplace #6

New issue
Open
opened 2026-03-22 16:36:48 +00:00 by Virgil · 2 comments
Virgil commented 2026-03-22 16:36:48 +00:00
Member
Copy link

AX sweep findings:

  1. HIGH — Remote command injection via unsanitized agent.QueueDir in SSH command string (dispatch.go:277, :284)
  2. HIGH — Marketplace module path traversal allows filesystem write/delete outside modules root (installer.go:55, :112)
  3. HIGH — Plugin installer path traversal through unvalidated repo/name from source (installer.go:32, :43)
  4. MEDIUM — Marketplace API :code path segment trusted without normalization (provider.go:246, :273)
  5. MEDIUM — CLI sync path joins allow traversal from user-supplied repo argument (cmd_sync.go:96, :102)
  6. LOW — Unescaped repo path in Forge PR draft URL (prs.go:47)

Fix all, add tests.

AX sweep findings: 1. HIGH — Remote command injection via unsanitized agent.QueueDir in SSH command string (dispatch.go:277, :284) 2. HIGH — Marketplace module path traversal allows filesystem write/delete outside modules root (installer.go:55, :112) 3. HIGH — Plugin installer path traversal through unvalidated repo/name from source (installer.go:32, :43) 4. MEDIUM — Marketplace API :code path segment trusted without normalization (provider.go:246, :273) 5. MEDIUM — CLI sync path joins allow traversal from user-supplied repo argument (cmd_sync.go:96, :102) 6. LOW — Unescaped repo path in Forge PR draft URL (prs.go:47) Fix all, add tests.
Virgil commented 2026-03-22 18:48:04 +00:00
Author
Member
Copy link

Codex Fix Attempt

Codex ran full build/test cycle (all passed) but could not commit — sandbox blocks .git writes. The original security findings remain valid and need manual fix or re-dispatch with write access.

## Codex Fix Attempt Codex ran full build/test cycle (all passed) but could not commit — sandbox blocks .git writes. The original security findings remain valid and need manual fix or re-dispatch with write access.
Virgil commented 2026-03-23 12:04:48 +00:00
Author
Member
Copy link

Security Scan: Attack Vector Map

Good news: Original SSH injection and path traversal issues appear mitigated in current worktree.

Entry Input Flows Into Validation Residual Risk
DispatchHandler.Execute (dispatch.go:81) Forgejo issue/PR metadata + QueueDir SSH commands, ticket JSON SanitizePath, ValidateRemoteDir, JoinRemotePath Prompt injection via issue title/body, shell-sink helper reuse
SetPRDraft (prs.go:42) owner/repo HTTP PATCH URL ValidatePathElement + url.PathEscape Low — mitigated unless callers bypass validation

Warning: dispatch.go:267/:281 are generic remote-shell primitives. Currently fed validated inputs but new call sites could re-open injection.

## Security Scan: Attack Vector Map **Good news**: Original SSH injection and path traversal issues appear mitigated in current worktree. | Entry | Input | Flows Into | Validation | Residual Risk | |---|---|---|---|---| | DispatchHandler.Execute (dispatch.go:81) | Forgejo issue/PR metadata + QueueDir | SSH commands, ticket JSON | SanitizePath, ValidateRemoteDir, JoinRemotePath | Prompt injection via issue title/body, shell-sink helper reuse | | SetPRDraft (prs.go:42) | owner/repo | HTTP PATCH URL | ValidatePathElement + url.PathEscape | Low — mitigated unless callers bypass validation | **Warning**: dispatch.go:267/:281 are generic remote-shell primitives. Currently fed validated inputs but new call sites could re-open injection.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
dev
main
v0.5.1
v0.5.0-alpha.1
v0.4.0
v0.3.6
v0.3.5
v0.3.4
v0.3.3
v0.3.2
v0.3.1
v0.3.0
v0.2.1
v0.2.0
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
v0.0.4
v0.0.3
v0.0.2
v0.0.1
Labels
Clear labels
  
athena

Assign to Athena AI agent (M3 Ultra)

  
athena-gemini

Dispatch to Gemini CLI on M3 Ultra

  
audit

Code audit task

  
clotho

Assign to Clotho AI agent for processing

  
clotho-gemini

Dispatch to Gemini CLI on darbs (AU)

  
codex

Dispatch to Codex CLI on gateway for analysis

  
darbs-claude

Dispatch to Claude on darbs (AU)

  
security

Security review task

  
wiki

Documentation/wiki update

No labels
athena
athena-gemini
audit
clotho
clotho-gemini
codex
darbs-claude
security
wiki
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

-

Dependencies

No dependencies set.

Reference: core/go-scm#6
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?