🔒 Fix command injection vulnerability in command_exists function

[badMade]

🎯 What: The command_exists function inside rust/crates/tools/src/lib.rs had a command injection vulnerability where a user-provided string was directly injected into sh -c using format!().

⚠️ Risk: By directly interpolating command into the format string of sh -c, a maliciously crafted string such as ls; rm -rf / could execute unintended logic, compromising the host system or container environment.

🛡️ Solution: Modified the call to pass the user input as a distinct positional argument ($1) to the sh script by injecting "command -v \"$1\" >/dev/null 2>&1", followed by -- and the original command argument. Added a unit test to verify that standard commands (like ls) return true, while malicious strings (like ls; echo injected) are safely handled and return false.

---

PR created automatically by Jules for task 4207213518264608965 started by @badMade

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[Copilot]

Pull request overview

Fixes a command injection risk in the Rust tools crate by avoiding direct interpolation of untrusted input into a sh -c command string.

Changes:

• Updates command_exists to pass the command name as a positional parameter ($1) rather than interpolating into the shell script.
• Adds a unit test intended to ensure malicious strings are not treated as valid commands.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[Copilot]

Pull request overview

This PR mitigates a command injection risk in the Rust tools crate by changing how command_exists invokes sh -c, ensuring user-supplied command strings are not interpolated into shell source.

Changes:

• Reworked command_exists to pass the command name as a positional parameter ($1) instead of interpolating it into the shell script.
• Added a unit test covering both normal command names and an injection-like string (ls; echo injected).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[badMade]

@claude code review

@codex code review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Can't wait for the next one!

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[badMade]

@gemini-code-assist, what are the steps and line numbers to make this fix?

[gemini-code-assist]

The fix for the command injection vulnerability has already been implemented in rust/crates/tools/src/lib.rs. Here are the details of the changes:

1. Modifying command_exists

Instead of using format! to interpolate the user-provided string directly into the shell command (which allows for injection), the code now passes the command as a separate argument to sh. This ensures the input is treated as a literal string rather than part of the shell command structure.

File: rust/crates/tools/src/lib.rs
Lines: 5154–5156

5154:        .arg("command -v \"$1\" >/dev/null 2>&1")
5155:        .arg("--")
5156:        .arg(command)

2. Adding a Unit Test

A new test case was added to verify that the function correctly handles standard commands while safely rejecting malicious inputs (like ls; echo injected).

File: rust/crates/tools/src/lib.rs
Lines: 8589–8596

8589:    #[test]
8590:    fn test_command_exists() {
8591:        assert!(super::command_exists("ls") || super::command_exists("dir"));
8592:        assert!(!super::command_exists("ls; echo injected"));
8593:        assert!(!super::command_exists(
8594:            "this_command_should_not_exist_12345"
8595:        ));
8596:    }

These changes effectively neutralize the vulnerability by preventing the shell from interpreting user input as executable commands.