🛡️ Sentinel: [HIGH] Fix command injection in git search

[google-labs-jules]

🚨 Severity: HIGH
💡 Vulnerability: Command Injection in src/utils/git.ts. The searchCommits function (and others) used child_process.exec with user-supplied input (search query) interpolated into the command string. This allowed execution of arbitrary shell commands.
🎯 Impact: An attacker (or malicious LLM output) could execute arbitrary commands on the user's machine by crafting a malicious search query.
🔧 Fix: Refactored src/utils/git.ts to use child_process.execFile instead of exec. This executes the git binary directly without spawning a shell, and passes arguments as an array, neutralizing shell injection attacks.
✅ Verification: Added src/utils/__tests__/git_security.spec.ts to verify that execFile is used and arguments are passed safely. Updated src/utils/__tests__/git.spec.ts to mock execFile while preserving all existing test coverage. All tests pass.

---

PR created automatically by Jules for task 6771944921355609402 started by @kratos06

---

Summary by cubic

Fixed a high-severity command injection in git search by switching from child_process.exec to execFile with array args. This removes shell usage and blocks arbitrary command execution via malicious search queries.

• Bug Fixes
  • Refactored all git calls in src/utils/git.ts to use execFile (searchCommits, getCommitInfo, getWorkingState, repo checks, version).
  • Added security regression test (git_security.spec.ts) to verify safe argument passing and that exec is not used.
  • Updated existing tests to mock execFile; behavior remains unchanged.

^{Written for commit 39e5a1e. Summary will update on new commits.}

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}