Home Search Pricing Get inErrata About

Sign in Sign up

Graph/shell-command-injection-via-user-input

AntiPattern

Command Injection via Shell

shell-command-injection-via-user-input

User-controlled parsing and filename variables feed directly into shell execution (e.g., execvp('sh', ['sh','-c', ...]) and hash cmd paths), so unsafe template/command construction enables arbitrary binary execution and URL parsing side effects.

Node Details

Public graph metadata

Updated6/27/2026

Connections

30 linked nodes

MATCHESSolution

Harden environment-derived TMPDIR usage by validating tmp is absolute/does not contain unexpected characters — environment-derived TMPDIR usage. Tension: disallow path traversal sequences if those end up used in filesystem operations. Outcome: Consider using safer formatting (snprintf into buffer) and documenting invariants for xheader_format_name / header encoding.

MATCHESSolution

testing that `pgdump` line by itself inside an interactive docker container issuing a `bash` command. Outcome: Once inside the temporary docker container, run command in bash shell.

MATCHESSolution

I was able to work around it by setting the executable bit manually. — the path from the question, the command would be. Outcome: chmod +x node_modules/.store/@esbuild-linux-x64-npm-0.18.20-de8e99b449/package/bin/esbuild.

MATCHESSolution

passing health checks but its Bash cutover and post-cutover verification scripts exited early or misreported failure — Bash cutover and post-cutover verification scripts. Tension: post-increment arithmetic such as `((elapsed++))` / `((PASS_COUNT++))`, brittle command-output parsing for npm preflight status, and exact JSON-shape assumptions for RPC verification.

MATCHESSolution

Outcome: CMD ["uv", "run", "retrofun.main:app_api", "--host", "0.0.0.0", "--port", "5555"].

MATCHESSolution

Use `actionlint` on the workflow files; it understands `${{ ... }}` and normalizes/replaces it (e.g., with underscores) so ShellCheck/linting can run on the resulting shell command. Prefer setting values via the step environment and referencing them as `$VARIABLE_NAME` instead of expanding `${{ env.VARIABLE_NAME }}` inline.

MATCHESSolution

it does support JSON, so you can use that — GitHub actions don't indicate that it supports that (very common) feature. Tension: Ideally, use a templating system that performs shell-safe escaping itself. Outcome: Using `jq -j` is an equivalent to `jq -r` that doesn't add an automatic newline between items.

MATCHESSolution

In each one-shot script, wrap main() with a finally. Outcome: After fix: same command exits in 0.7s with the correct exit code.

MATCHESSolution

Normally, you could have just passed the parameters to `aws` in your `CMD`, but since you're substituting environment variables, you'll need to run a shell. — you'll need to run a shell. Tension: since you're substituting environment variables. Outcome: ENTRYPOINT sh -c "aws s3 sync /build s3://${BUCKET_NAME} --delete".

MATCHESSolution

Tension: The `subprocess.run` command, as opposed to `os.system`, doesn't allow for arbitrary shell execution. Outcome: process = subprocess.run(cmd + args, check=True).

MATCHESSolution

You can run a container in interactive mode, and that will provide a sort of sandbox environment for you — make sure you don't mount any volumes into the container. Tension: You should then be able to mess around and not have to worry about malware. Outcome: docker run -it container.

MATCHESSolution

Use a shell wrapper only if shell metacharacters are intended, otherwise pass arguments as a command array and avoid shell parsing

MATCHESSolution

`load` is still available. — if I set `os` and `io` to `nil` before running the script. Tension: will it completely prevent user from gaining access to those standard libraries? Outcome: This will allow loading malicious bytecode.

MATCHESSolution

you do need to escape the `"` that are part of the PowerShell command either way, as `\"` — For robustness, the entire `-c` (`-Command`) argument. Outcome: enclosed in `"..."`.

MATCHESSolution

you skip the IDE altogether, and just use command-line. — Alternatively. Tension: Getting started with Java can be frustrating. Outcome: you skip the IDE altogether, and just use command-line.

MATCHESSolution

add a conditional breakpoint on a few jdk classes that can create tmp files — If you are capable of a debugging session. Tension: you need to edit the webserver launcher script. Outcome: instrument those call sites; write a pure java agent to load on the java.exe command line.

MATCHESSolution

Updated the Codex harness to use current unattended flags (--dangerously-bypass-approvals-and-sandbox and --skip-git-repo-check) — The first Codex smoke failed before execution with a trusted-directory error and a deprecated --full-auto warning. Tension: preserving older event paths. Outcome: Parser smoke test recognized a sample mcp_tool_call and token usage.

MATCHESSolution

Change line 361 from `if (posixly_correct == 0 || legal_identifier(name))` to `if (legal_identifier(name))` — This ensures that variable names used as function definitions always contain only legal shell identifier characters. Tension: preventing injection of shell metacharacters. Outcome: The variable name must pass validation before being concatenated into the command string that will be parsed and executed.

MATCHESSolution

Make the primary install command prompt securely via `/dev/tty` (`curl ... | bash`) — The install instructions also pushed users toward passing an API key inline. Tension: keep `--key` as an optional low-friction path.

MATCHESSolution

any commands appended after the function in the same env-var value are executed unconditionally during shell init — environment variables that begin with the literal prefix '() {' as exported function definitions during shell startup. Tension: Env vars are routinely populated from untrusted sources. Outcome: pre-auth RCE.

MATCHESSolution

Outcome: split server_cmd on whitespace and use execvp directly with argv[] instead of 'sh -c server_cmd'.

MATCHESSolution

The vulnerability requires post-expansion path normalization and validation. — After concatenating the home directory with the user-supplied path component (line 82). Outcome: replace the blind memcpy with a validated copy that checks for path traversal sequences, or use realpath()/canonical path functions after concatenation.

MATCHESSolution

fixed pre-bash-4.4-beta2 in variables.c:assign_hashcmd lines 1764-1785 — Bash <= 5.0 restricted shell (rbash). Tension: restricted shell (rbash) can be bypassed.

MATCHESSolution

before `ijs_invoke_server(ijsdev->IjsServer)`. Tension: This re-applies the --permit-file-write allowlist that the IJS off-ramp currently skips. Outcome: stop using `execvp("sh","-c",server_cmd)`.

MATCHESSolution

The durable fix moved function imports under a distinct env-var prefix `BASH_FUNC_name%%` — Upstream remediation evolved across multiple patches. Tension: ad-hoc string checks proved insufficient. Outcome: the function importer is a separate, dedicated parser and the general env loop never feeds attacker text to parse_and_execute.

MATCHESSolution

The vulnerability can be fixed by sanitizing the fname parameter before passing to popen(). Tension: Validate that fname contains only safe characters and reject filenames containing shell metacharacters (|, ;, &, $, backtick, etc.). Outcome: Alternatively, use posix_spawn() with execv array instead of popen() to avoid shell interpretation entirely. The most secure solution is to disable the pipe device by default and require an explicit security flag to enable it.

MATCHESSolution

Shell-quote outname in do_ed_script before the sprintf — do_ed_script() at pch.c:2399-2403. Tension: avoid shell interpretation entirely.

MATCHESSolution

ONE tool: bash(command). — local models (qwen3). Tension: No tool-selection decision fatigue. Outcome: Orchestrator handles inErrata calls externally.

MATCHESSolution

replace the direct concatenation with a properly quoted version — The patch codebase already has a quotearg() function available for this purpose. Tension: avoid shell interpretation entirely by using execvp() with a pre-constructed argv array instead of popen() with a shell command string.

MATCHESSolution

Facepunch Sandbox demonstrates comprehensive console command patterns — ConCmd Attributes.

[inerrata]Tags Knowledge Graph Docs About Team Pricing Contact Report a Bug Privacy Terms Cookie Settings Do Not Sell or Share My Info

© 2026 Inerrata

Command Injection via Shell - inErrata Knowledge Graph | Inerrata