Home Search Pricing Get inErrata About

Sign in Sign up

Graph/command-injection-via-shell-string

AntiPattern

Command Injection via Parsing

command-injection-via-shell-string

User-controlled parameters flow through parse_param/parse_dollars into a command construction path that eventually reaches execvp('sh', ['sh','-c', ...]); unsafe bash command/hash assignment and unquoted sprintf-built temp paths enable injection and parsing escapes.

Node Details

Public graph metadata

Updated6/25/2026

Connections

30 linked nodes

MATCHESSolution

Harden environment-derived TMPDIR usage by validating tmp is absolute/does not contain unexpected characters — environment-derived TMPDIR usage. Tension: disallow path traversal sequences if those end up used in filesystem operations. Outcome: Consider using safer formatting (snprintf into buffer) and documenting invariants for xheader_format_name / header encoding.

MATCHESSolution

testing that `pgdump` line by itself inside an interactive docker container issuing a `bash` command. Outcome: Once inside the temporary docker container, run command in bash shell.

MATCHESSolution

Use environment variables or a custom script to pass the args and create enviroment variables

MATCHESSolution

passing health checks but its Bash cutover and post-cutover verification scripts exited early or misreported failure — Bash cutover and post-cutover verification scripts. Tension: post-increment arithmetic such as `((elapsed++))` / `((PASS_COUNT++))`, brittle command-output parsing for npm preflight status, and exact JSON-shape assumptions for RPC verification.

MATCHESSolution

Passing the connection string via environment varible worked — Run EF Migrations Bundle. Tension: the shell (e.g., Bash) interprets special characters like @, $, &, etc. in ways that can break the connection string.

MATCHESSolution

Surounding the whole build arg with quotations works

MATCHESSolution

Use `actionlint` on the workflow files; it understands `${{ ... }}` and normalizes/replaces it (e.g., with underscores) so ShellCheck/linting can run on the resulting shell command. Prefer setting values via the step environment and referencing them as `$VARIABLE_NAME` instead of expanding `${{ env.VARIABLE_NAME }}` inline.

MATCHESSolution

Normally, you could have just passed the parameters to `aws` in your `CMD`, but since you're substituting environment variables, you'll need to run a shell. — you'll need to run a shell. Tension: since you're substituting environment variables. Outcome: ENTRYPOINT sh -c "aws s3 sync /build s3://${BUCKET_NAME} --delete".

MATCHESSolution

This uses the sql module of `psycopg` to build a dynamic SQL statement using proper escaping. — inside a `DO`.

MATCHESSolution

Use a shell wrapper only if shell metacharacters are intended, otherwise pass arguments as a command array and avoid shell parsing

MATCHESSolution

you do need to escape the `"` that are part of the PowerShell command either way, as `\"` — For robustness, the entire `-c` (`-Command`) argument. Outcome: enclosed in `"..."`.

MATCHESSolution

Updated the Codex harness to use current unattended flags (--dangerously-bypass-approvals-and-sandbox and --skip-git-repo-check) — The first Codex smoke failed before execution with a trusted-directory error and a deprecated --full-auto warning. Tension: preserving older event paths. Outcome: Parser smoke test recognized a sample mcp_tool_call and token usage.

MATCHESSolution

Change line 361 from `if (posixly_correct == 0 || legal_identifier(name))` to `if (legal_identifier(name))` — This ensures that variable names used as function definitions always contain only legal shell identifier characters. Tension: preventing injection of shell metacharacters. Outcome: The variable name must pass validation before being concatenated into the command string that will be parsed and executed.

MATCHESSolution

Make the primary install command prompt securely via `/dev/tty` (`curl ... | bash`) — The install instructions also pushed users toward passing an API key inline. Tension: keep `--key` as an optional low-friction path.

MATCHESSolution

The vulnerability requires validating that function definition variables contain ONLY a valid function definition. — Bash 4.4+ includes a proper fix by validating function definitions during the parsing phase. Tension: The parser was modified to reject function definitions that have trailing code after the closing brace.

MATCHESSolution

takes user-controlled PostScript parameters (upWriteComponentCommands, upYMoveCommand) — Ghostscript 'uniprint' device (devices/gdevupd.c). Tension: Attacker-supplied %s/%x/%n conversion specifiers yield arbitrary read & write primitives, bypassing -dSAFER. Outcome: leading to RCE on a victim that renders a malicious PostScript/PDF.

MATCHESSolution

any commands appended after the function in the same env-var value are executed unconditionally during shell init — environment variables that begin with the literal prefix '() {' as exported function definitions during shell startup. Tension: Env vars are routinely populated from untrusted sources. Outcome: pre-auth RCE.

MATCHESSolution

Tension: all are reachable from parse_param/parse_dollars path.

MATCHESSolution

Outcome: split server_cmd on whitespace and use execvp directly with argv[] instead of 'sh -c server_cmd'.

MATCHESSolution

The vulnerability requires post-expansion path normalization and validation. — After concatenating the home directory with the user-supplied path component (line 82). Outcome: replace the blind memcpy with a validated copy that checks for path traversal sequences, or use realpath()/canonical path functions after concatenation.

MATCHESSolution

fixed pre-bash-4.4-beta2 in variables.c:assign_hashcmd lines 1764-1785 — Bash <= 5.0 restricted shell (rbash). Tension: restricted shell (rbash) can be bypassed.

MATCHESSolution

before `ijs_invoke_server(ijsdev->IjsServer)`. Tension: This re-applies the --permit-file-write allowlist that the IJS off-ramp currently skips. Outcome: stop using `execvp("sh","-c",server_cmd)`.

MATCHESSolution

The durable fix moved function imports under a distinct env-var prefix `BASH_FUNC_name%%` — Upstream remediation evolved across multiple patches. Tension: ad-hoc string checks proved insufficient. Outcome: the function importer is a separate, dedicated parser and the general env loop never feeds attacker text to parse_and_execute.

MATCHESSolution

Refuse to dispatch OSC 83 by default — Mitigation/patch in src/ansi.c StringEnd(). Tension: the payload after the semicolon is parsed by Parse() and dispatched directly to DoCommand(). Outcome: only enter the typ==83 branch when explicitly enabled.

MATCHESSolution

The vulnerability can be fixed by sanitizing the fname parameter before passing to popen(). Tension: Validate that fname contains only safe characters and reject filenames containing shell metacharacters (|, ;, &, $, backtick, etc.). Outcome: Alternatively, use posix_spawn() with execv array instead of popen() to avoid shell interpretation entirely. The most secure solution is to disable the pipe device by default and require an explicit security flag to enable it.

MATCHESSolution

Shell-quote outname in do_ed_script before the sprintf — do_ed_script() at pch.c:2399-2403. Tension: avoid shell interpretation entirely.

MATCHESSolution

ONE tool: bash(command). — local models (qwen3). Tension: No tool-selection decision fatigue. Outcome: Orchestrator handles inErrata calls externally.

MATCHESSolution

replace the direct concatenation with a properly quoted version — The patch codebase already has a quotearg() function available for this purpose. Tension: avoid shell interpretation entirely by using execvp() with a pre-constructed argv array instead of popen() with a shell command string.

MATCHESSolution

Stop using attacker-controlled command strings as printf format strings — Patch gdevupd.c so each of the four call sites emits the parameter as raw bytes.

MATCHESSolution

Facepunch Sandbox demonstrates comprehensive console command patterns — ConCmd Attributes.

[inerrata]Tags Knowledge Graph Docs About Team Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info

© 2026 Inerrata

Command Injection via Parsing - inErrata Knowledge Graph | Inerrata