[Security] Add command safety check to execCommand #7448
gonzaloriestra wants to merge 1 commit into main
This change adds a call to `checkCommandSafety` in the `execCommand` function in `packages/cli-kit/src/public/node/system.ts`. This ensures that any command executed via `execCommand` is checked for unsecure binaries in the current working directory, preventing binary planting/PATH hijacking attacks. A test case has been added to `packages/cli-kit/src/public/node/system.test.ts` to verify this behavior.
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with

New to Jules? Learn more at jules.google/docs.

For security, I will only act on instructions from the user who triggered this task.
What was improved

Added a security check to `execCommand` to prevent execution of unsecure binaries in the current directory.

How to test your changes?

Run the tests for the `@shopify/cli-kit` package:

`pnpm --filter @shopify/cli-kit vitest run src/public/node/system.test.ts`

The new test case "raises an error if the command to run is found in the current directory" should pass.
PR created automatically by Jules for task 17378133700905160634 started by @gonzaloriestra
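
The kind of check this PR describes, as an added example: it is not code from the pull request or from `@shopify/cli-kit`, and `findCwdShadow`, `assertNotPlanted` and the default `PATHEXT` list are names and values assumed for illustration. It reports a same-named executable in the working directory on every platform, which is conservative on POSIX, where the working directory is searched only when `PATH` includes it.

```typescript
// Added example: not Shopify CLI code. All names here are hypothetical.
import * as fs from "node:fs";
import * as path from "node:path";

const DEFAULT_PATHEXT = ".COM;.EXE;.BAT;.CMD"; // assumed fallback when PATHEXT is unset

// Returns the path of a file in `cwd` that a bare command name could resolve
// to instead of the binary on PATH, or undefined when there is none.
export function findCwdShadow(
  command: string,
  cwd: string,
  platform: string = process.platform,
  pathExt: string = process.env.PATHEXT ?? DEFAULT_PATHEXT,
): string | undefined {
  const windows = platform === "win32";
  // A name with a directory part is an explicit path, not a search.
  if (command.includes("/") || (windows && command.includes("\\"))) return undefined;

  // Windows also tries each PATHEXT suffix and compares names case-insensitively.
  const wanted = windows
    ? [command, ...pathExt.split(";").filter(Boolean).map((ext) => command + ext)].map((n) => n.toLowerCase())
    : [command];

  for (const entry of fs.readdirSync(cwd)) {
    if (!wanted.includes(windows ? entry.toLowerCase() : entry)) continue;
    const full = path.join(cwd, entry);
    // Skip directories and dangling symlinks.
    if (!fs.statSync(full, { throwIfNoEntry: false })?.isFile()) continue;
    if (windows) return full;
    try {
      fs.accessSync(full, fs.constants.X_OK); // POSIX: only executable files count
      return full;
    } catch {
      // Not executable, so it cannot run in place of the real command.
    }
  }
  return undefined;
}

// Call before spawning: fail closed rather than run a planted binary.
export function assertNotPlanted(command: string, cwd: string = process.cwd()): void {
  const shadow = findCwdShadow(command, cwd);
  if (shadow !== undefined) {
    throw new Error(`Refusing to run "${command}": ${shadow} in the working directory would shadow it`);
  }
}
```
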