From 13bc24e71ed81f36dbb2b7672b8b59149d0fb443 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Sun, 21 Jun 2026 16:40:05 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[CRITICAL]?= =?UTF-8?q?=20Fix=20arbitrary=20code=20execution=20via=20git=20config=20in?= =?UTF-8?q?=20untrusted=20repositories?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: tachyon-beep <544926+tachyon-beep@users.noreply.github.com> --- .jules/sentinel.md | 4 ++++ src/wardline/core/delta.py | 10 ++++++---- src/wardline/core/legis.py | 5 +++-- tests/unit/core/test_delta.py | 12 ++++++++++-- 4 files changed, 23 insertions(+), 8 deletions(-) create mode 100644 .jules/sentinel.md diff --git a/.jules/sentinel.md b/.jules/sentinel.md new file mode 100644 index 00000000..47aaf478 --- /dev/null +++ b/.jules/sentinel.md @@ -0,0 +1,4 @@ +## 2024-05-24 - Arbitrary code execution via git config in untrusted repositories +**Vulnerability:** Calling `git` without disabling `core.fsmonitor` allows local code execution from `.git/config` when run against an untrusted repository. +**Learning:** Python`s `subprocess.run(["git", ...])` is vulnerable to RCE if an attacker provides a malicious `.git/config` configuring `core.fsmonitor` to execute arbitrary shell scripts. Although `src/wardline/core/attest.py` properly safeguarded this with `_SAFE_GIT_CONFIG`, other files (`delta.py`, `legis.py`) were not using it. +**Prevention:** Always use `_SAFE_GIT_CONFIG = ("-c", "core.fsmonitor=false")` for any git invocations via `subprocess` against directories that might be untrusted, especially inside static analyzers. diff --git a/src/wardline/core/delta.py b/src/wardline/core/delta.py index c4d63f0e..0c073664 100644 --- a/src/wardline/core/delta.py +++ b/src/wardline/core/delta.py @@ -8,6 +8,8 @@ from wardline.core.errors import WardlineError +_SAFE_GIT_CONFIG = ("-c", "core.fsmonitor=false") + if TYPE_CHECKING: from wardline.scanner.index import Entity @@ -22,7 +24,7 @@ def get_changed_files_since(ref: str, root: Path) -> set[str]: # 1. Get the git toplevel directory. try: res = subprocess.run( - ["git", "rev-parse", "--show-toplevel"], + ["git", *_SAFE_GIT_CONFIG, "rev-parse", "--show-toplevel"], cwd=root, capture_output=True, text=True, @@ -38,7 +40,7 @@ def get_changed_files_since(ref: str, root: Path) -> set[str]: # 2. Resolve ref to a verified object id before passing it to git diff. try: res = subprocess.run( - ["git", "rev-parse", "--verify", "--end-of-options", ref], + ["git", *_SAFE_GIT_CONFIG, "rev-parse", "--verify", "--end-of-options", ref], cwd=git_toplevel, capture_output=True, text=True, @@ -54,7 +56,7 @@ def get_changed_files_since(ref: str, root: Path) -> set[str]: # 3. Get changed files since ref (committed since ref, staged, unstaged). try: res = subprocess.run( - ["git", "diff", "--name-only", verified_ref, "--"], + ["git", *_SAFE_GIT_CONFIG, "diff", "--name-only", verified_ref, "--"], cwd=git_toplevel, capture_output=True, text=True, @@ -68,7 +70,7 @@ def get_changed_files_since(ref: str, root: Path) -> set[str]: # 4. Get untracked files. try: res = subprocess.run( - ["git", "ls-files", "--others", "--exclude-standard"], + ["git", *_SAFE_GIT_CONFIG, "ls-files", "--others", "--exclude-standard"], cwd=git_toplevel, capture_output=True, text=True, diff --git a/src/wardline/core/legis.py b/src/wardline/core/legis.py index 87144974..fa2ce22e 100644 --- a/src/wardline/core/legis.py +++ b/src/wardline/core/legis.py @@ -56,6 +56,7 @@ LEGIS_ARTIFACT_KEY_ENV = "WARDLINE_LEGIS_ARTIFACT_KEY" SIG_PREFIX = "hmac-sha256:v2:" ARTIFACT_SIGNATURE_FIELD = "artifact_signature" +_SAFE_GIT_CONFIG = ("-c", "core.fsmonitor=false") # Cross-member scan-artifact keys that legis reads with a DEFAULT, not a hard # requirement (``findings`` -> empty list, ``dirty`` -> false). A silent rename of one @@ -199,7 +200,7 @@ def _git_tree_sha(root: Path) -> str | None: """ try: rev = subprocess.run( - ["git", "rev-parse", "HEAD^{tree}"], + ["git", *_SAFE_GIT_CONFIG, "rev-parse", "HEAD^{tree}"], cwd=root, capture_output=True, text=True, @@ -215,7 +216,7 @@ def _git_repo_root(root: Path) -> Path | None: """The containing git repository root, or None when unavailable.""" try: rev = subprocess.run( - ["git", "rev-parse", "--show-toplevel"], + ["git", *_SAFE_GIT_CONFIG, "rev-parse", "--show-toplevel"], cwd=root, capture_output=True, text=True, diff --git a/tests/unit/core/test_delta.py b/tests/unit/core/test_delta.py index 5b16c7af..659009ec 100644 --- a/tests/unit/core/test_delta.py +++ b/tests/unit/core/test_delta.py @@ -43,8 +43,16 @@ def run_dispatch(args, **kwargs): res = get_changed_files_since("HEAD~1", root) assert res == {"foo.py", "bar.py", "baz.py"} - assert mock_run.call_args_list[1].args[0] == ["git", "rev-parse", "--verify", "--end-of-options", "HEAD~1"] - assert mock_run.call_args_list[2].args[0] == ["git", "diff", "--name-only", "abc123", "--"] + _SAFE_GIT_CONFIG = ("-c", "core.fsmonitor=false") + assert mock_run.call_args_list[1].args[0] == [ + "git", + *_SAFE_GIT_CONFIG, + "rev-parse", + "--verify", + "--end-of-options", + "HEAD~1", + ] + assert mock_run.call_args_list[2].args[0] == ["git", *_SAFE_GIT_CONFIG, "diff", "--name-only", "abc123", "--"] @patch("subprocess.run")