🔒 Fix command injection vulnerability in command_exists

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>

Author: badMade

.jules/sentinel.md

@@ -2,3 +2,23 @@
 **Vulnerability:** Path traversal existed in both the Python (`src/session_store.py`) and Rust (`rust/crates/runtime/src/session_control.rs`) implementations because unsanitized `session_id` strings were used directly in file paths.
 **Learning:** Both reference implementations lacked central validation logic for system identifiers derived from external/user input.
 **Prevention:** Always validate and restrict identifier parameters (like session IDs) by checking for explicit disallow-lists (like path separators `/`, `\`, and directory traversal markers `.`, `..`) before using them in file operations.
+
+## 2025-02-24 - [Command Injection via String Formatting in Shell Invocations]
+
+**Vulnerability:**
+Using `format!` or string concatenation to build commands passed to `sh -c` directly injects user-controlled input into the shell environment without proper sanitization, enabling command injection (e.g., passing `nonexistent; echo injected`).
+
+**Learning:**
+Even if commands seem innocuous or are just fetching basic system properties, formatting strings directly into `-c` shell flags compromises security in Rust when input comes from users or dynamic sources.
+
+**Prevention:**
+Always use positional shell arguments to safely handle user input. Instead of `sh -c format!("cmd {}", user_input)`, write `sh -c 'cmd "$1"' -- user_input`.
+For example, in Rust's `Command` builder:
+```rust
+std::process::Command::new("sh")
+    .arg("-c")
+    .arg("command -v \"$1\" >/dev/null 2>&1")
+    .arg("--")
+    .arg(command)
+```
+This guarantees the shell interprets the user input purely as a string argument and not as executable commands.

append_test.py

@@ -0,0 +1,20 @@
+import re
+
+with open("rust/crates/tools/src/lib.rs", "r") as f:
+    content = f.read()
+
+test_content = """    #[test]
+    fn test_command_exists_injection_prevention() {
+        // Try to inject a command
+        let injected_command = "nonexistent_command; echo 'injected'";
+
+        // This should return false and NOT execute the injected command
+        assert!(!command_exists(injected_command));
+    }
+}"""
+
+content = re.sub(r'}\s*$', test_content + '\n', content)
+
+with open("rust/crates/tools/src/lib.rs", "w") as f:
+    f.write(content)
+print("Appended successfully")

fix_command_exists.patch

@@ -0,0 +1,14 @@
+--- rust/crates/tools/src/lib.rs
++++ rust/crates/tools/src/lib.rs
+@@ -5150,8 +5150,9 @@
+
+ fn command_exists(command: &str) -> bool {
+     std::process::Command::new("sh")
+         .arg("-c")
+-        .arg(format!("command -v {command} >/dev/null 2>&1"))
++        .arg("command -v \"$1\" >/dev/null 2>&1")
++        .arg("--")
++        .arg(command)
+         .status()
+         .map(|status| status.success())
+         .unwrap_or(false)

fix_command_exists.py

@@ -0,0 +1,34 @@
+import re
+
+with open("rust/crates/tools/src/lib.rs", "r") as f:
+    content = f.read()
+
+old_code = """fn command_exists(command: &str) -> bool {
+    std::process::Command::new("sh")
+        .arg("-c")
+        .arg("command -v "$1" >/dev/null 2>&1")
+        .arg("--")
+        .arg(command)
+        .status()
+        .map(|status| status.success())
+        .unwrap_or(false)
+}"""
+
+new_code = """fn command_exists(command: &str) -> bool {
+    std::process::Command::new("sh")
+        .arg("-c")
+        .arg("command -v \\\"$1\\\" >/dev/null 2>&1")
+        .arg("--")
+        .arg(command)
+        .status()
+        .map(|status| status.success())
+        .unwrap_or(false)
+}"""
+
+if old_code in content:
+    content = content.replace(old_code, new_code)
+    with open("rust/crates/tools/src/lib.rs", "w") as f:
+        f.write(content)
+    print("Replaced successfully")
+else:
+    print("Could not find the target codeblock.")

fix_test_import.py

@@ -0,0 +1,10 @@
+import re
+
+with open("rust/crates/tools/src/lib.rs", "r") as f:
+    content = f.read()
+
+content = content.replace("assert!(!command_exists(injected_command));", "assert!(!crate::command_exists(injected_command));")
+
+with open("rust/crates/tools/src/lib.rs", "w") as f:
+    f.write(content)
+print("Fixed successfully")

revert_tests.py

@@ -0,0 +1,28 @@
+import re
+
+with open("rust/crates/tools/src/lib.rs", "r") as f:
+    content = f.read()
+
+bad_content = """
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_command_exists_injection_prevention() {
+        // Try to inject a command
+        let injected_command = "nonexistent_command; echo 'injected'";
+
+        // This should return false and NOT execute the injected command
+        assert!(!command_exists(injected_command));
+    }
+}
+"""
+
+if bad_content in content:
+    content = content.replace(bad_content, "")
+    with open("rust/crates/tools/src/lib.rs", "w") as f:
+        f.write(content)
+    print("Reverted successfully")
+else:
+    print("Could not find bad content")

rust/crates/tools/src/lib.rs

@@ -5151,7 +5151,9 @@ fn detect_powershell_shell() -> std::io::Result<&'static str> {
 fn command_exists(command: &str) -> bool {
     std::process::Command::new("sh")
         .arg("-c")
-        .arg(format!("command -v {command} >/dev/null 2>&1"))
+        .arg("command -v \"$1\" >/dev/null 2>&1")
+        .arg("--")
+        .arg(command)
         .status()
         .map(|status| status.success())
         .unwrap_or(false)
@@ -8583,4 +8585,12 @@ printf 'pwsh:%s' "$1"
             .into_bytes()
         }
     }
+    #[test]
+    fn test_command_exists_injection_prevention() {
+        // Try to inject a command
+        let injected_command = "nonexistent_command; echo 'injected'";
+
+        // This should return false and NOT execute the injected command
+        assert!(!crate::command_exists(injected_command));
+    }
 }