
Conversation

@kratos06
Owner

@kratos06 kratos06 commented Feb 3, 2026

πŸ›‘οΈ Sentinel: [CRITICAL] Fix command injection in git utils

🚨 Severity: CRITICAL
πŸ’‘ Vulnerability: Command Injection in src/utils/git.ts
User input (search queries, hashes) was directly interpolated into shell commands using exec. A malicious input could execute arbitrary code.

🎯 Impact: Remote Code Execution (RCE) if an attacker can control the input to git search or commit info functions.

🔧 Fix:

  • Replaced exec with execFile.
  • Passed arguments as an array to avoid shell interpretation.
  • Promisified execFile for async usage.

✅ Verification:

  • Updated src/utils/__tests__/git.spec.ts to mock execFile and verify that arguments are passed as arrays.
  • Ran tests with pnpm test utils/__tests__/git.spec.ts and confirmed they pass.

PR created automatically by Jules for task 712408146003483943 started by @kratos06


Summary by cubic

Fixes a critical command injection in src/utils/git.ts by replacing string-based exec calls with execFile and safe argument arrays. This blocks shell interpretation of user input and prevents RCE.

  • Bug Fixes
    • Switched to child_process.execFile and promisified it.
    • Converted all git commands to argument arrays (version, rev-parse, log, show, status, diff).
    • Updated tests to mock execFile and assert argument arrays; added cases for missing git and non-repo.
    • Added a Sentinel note documenting the vulnerability and the mitigation.

Written for commit 9ea2d32. Summary will update on new commits.

Summary by CodeRabbit

  • Bug Fixes

    • Resolved a Command Injection security vulnerability in git utility operations by preventing unsafe shell execution patterns.
  • Documentation

    • Added security documentation outlining the command injection vulnerability and mitigation approach.
  • Tests

    • Updated test suite to validate secure command execution patterns.

Refactored `src/utils/git.ts` to use `execFile` with argument arrays instead of `exec` with string concatenation. This prevents shell injection vulnerabilities where user input (e.g., search queries, commit hashes) could be manipulated to execute arbitrary commands.

Updates:
- Replaced `child_process.exec` with `child_process.execFile`.
- Updated all git command executions to use array arguments.
- Updated unit tests in `src/utils/__tests__/git.spec.ts` to mock `execFile` and verify correct argument passing.

This addresses a CRITICAL security vulnerability.

Co-authored-by: kratos06 <7855778+kratos06@users.noreply.github.com>
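The pattern the PR describes (execFile with an argument array, plus a promisified wrapper), shown as an added example for a commit-message search and a commit lookup. This is illustration code written for this page, not the project's `src/utils/git.ts`; the function names, the `%x1f` record format and the hex-only check on commit hashes are assumptions of the example.

```typescript
import { execFile } from 'node:child_process';
import { promisify } from 'node:util';

// Same idea as the PR's execFileAsync: execFile never spawns a shell, so each
// array element reaches git as exactly one argv entry.
const execFileAsync = promisify(execFile);

// Added check (not from the PR): execFile stops shell interpretation, but a
// hash that begins with '-' would still be parsed by git as an option, so
// user-supplied refs are restricted to hex before they are used positionally.
export function isValidCommitRef(ref: string): boolean {
  return /^[0-9a-f]{4,40}$/i.test(ref);
}

// argv for a message search. The query lives inside the value of --grep=, so
// a query starting with '-' cannot become a git option, and characters such
// as ';', '&&' or '$' are plain text because no shell ever sees them.
export function buildSearchArgs(query: string, maxCount = 20): string[] {
  return [
    'log',
    `--grep=${query}`,
    '--fixed-strings',
    '--regexp-ignore-case',
    `--max-count=${maxCount}`,
    '--format=%H%x1f%s', // hash, unit separator, subject
  ];
}

// argv for a single-commit lookup; the hash is positional, hence validated.
export function buildShowArgs(hash: string): string[] {
  if (!isValidCommitRef(hash)) throw new Error('invalid commit hash');
  return ['show', '--no-patch', '--format=%H%x1f%an%x1f%s', hash];
}

// Split git's output into [hash, ...fields] records.
export function parseRecords(stdout: string): string[][] {
  return stdout.split('\n').filter((l) => l.length > 0).map((l) => l.split('\x1f'));
}

export async function runGit(args: string[], cwd: string): Promise<string> {
  const { stdout } = await execFileAsync('git', args, { cwd, windowsHide: true });
  return stdout;
}

export async function searchCommits(query: string, cwd: string): Promise<string[][]> {
  return parseRecords(await runGit(buildSearchArgs(query), cwd));
}
```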
@google-labs-jules

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

@coderabbitai

coderabbitai bot commented Feb 3, 2026

πŸ“ Walkthrough

Walkthrough

The changes migrate git utility execution from child_process.exec to child_process.execFile, replacing string-based command invocations with safer argument arrays. A security documentation file is added documenting the command injection vulnerability. No public API signatures are modified.

Changes

Security Documentation: .jules/sentinel.md
  New security note documenting the command injection vulnerability in git utilities and recommending use of execFile or spawn with argument arrays instead of exec with string interpolation.

Production Implementation: src/utils/git.ts
  Replaced child_process.exec with child_process.execFile throughout git command invocations; converted string-based commands to argument arrays; renamed promisified helper from exec to execFileAsync; preserved error handling and control flow.

Test Suite: src/utils/__tests__/git.spec.ts
  Refactored mocks from exec to execFile semantics; removed custom ExecFunction and PromisifiedExec type declarations; updated promisify mock to handle variadic arguments; adjusted all test scenarios (checkGitInstalled, searchCommits, getCommitInfo, getWorkingState, getWorkspaceGitInfo) to simulate git commands via execFile with argument arrays and proper cwd handling.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Poem

🐰 No more strings for this bunny to worry about,
execFile hops in, keeps shell injection out!
Arrays instead of shell interpolation's dance,
Git commands now safe—a security advance! 🔐

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (2 warnings)

Description check (⚠️ Warning): The PR description provides vulnerability context, implementation details, and verification steps, but fails to include the mandatory 'Related GitHub Issue' section required by the repository template (no issue number linked). Resolution: Add the 'Closes: #<issue_number>' section to link this PR to an approved GitHub Issue, as required by the contribution template.

Docstring Coverage (⚠️ Warning): Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%. Resolution: Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (1 passed)

Title check (✅ Passed): The title clearly identifies the critical security fix (command injection in git utils) that is the main focus of this PR, directly corresponding to the primary changes in the changeset.



@cubic-dev-ai cubic-dev-ai bot left a comment


No issues found across 3 files
