security: fix shell injection risk in _goal_coverage#7
Open
shigel wants to merge 1 commit into
Open
Conversation
The test_cmd from YAML config was passed to subprocess with shell=True, allowing command injection if the autoforge.yml file is untrusted. Fix: use shlex.split() and avoid shell=True. Detected by [Survey2Ship](https://github.com/shigel/survey2ship) SecurityScanner. Research basis: claim-0003 (arxiv:2604.07223) — agent execution traces as an under-explored vulnerability surface.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
autoforge/harness/run_goal.py:129passedtest_cmd(read fromautoforge.yml) tosubprocess.run(..., shell=True). If the YAML config comes from an untrusted source, this allows command injection.Fix
shlex.splithandles quoted arguments correctly. This preserves the existing behavior for normal commands likepytest -vwhile eliminating the shell injection vector.How this was detected
This issue was detected automatically by the Survey2Ship
s2s scancommand:Survey2Ship is a research-driven autonomous improvement loop. This finding
is based on claim-0003 (arxiv:2604.07223)
which identifies agent execution traces as an under-explored vulnerability surface.
Verification
After the fix:
The shell_injection_risk finding is gone. The remaining 4 HIGH findings are in
tests/core/test_hooks.pyand appear to be intentional fake credentials for testing.Generated by Survey2Ship SecurityScanner