🛡️ Sentinel: [CRITICAL] Fix command injection in github-clone.ts

[bobdivx]

🚨 Severity: CRITICAL
💡 Vulnerability: Command injection and argument injection via user input repoName and repoUrl in src/pages/api/github-clone.ts.
🎯 Impact: Attackers could execute arbitrary shell commands on the server by passing a malicious repoName (e.g., foo; rm -rf /).
🔧 Fix: Replaced child_process.exec with execFile to bypass shell evaluation and added validation to prevent repoName from starting with - (to avoid flag injection).
✅ Verification: Ran pnpm run check and pnpm test to ensure code remains stable and passes tests. Verified fix against src/pages/api/github-clone.ts.

---

PR created automatically by Jules for task 9463577152521717247 started by @bobdivx

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
forge	Ready	Preview, Comment	May 6, 2026 5:53pm

[gemini-code-assist]

Code Review

This pull request addresses a critical command injection vulnerability in the github-clone API by replacing child_process.exec with execFile and implementing a check to prevent repoName from starting with a hyphen. Feedback focuses on further hardening the implementation by suggesting a stricter whitelist regex for repoName to prevent path traversal, validating that repoUrl uses the HTTPS protocol, and utilizing the -- separator in the git clone command to definitively separate flags from positional arguments.

I am having trouble creating individual review comments. Click here to see my feedback.

src/pages/api/github-clone.ts (19-22)

While checking for a leading hyphen prevents basic argument injection for the repository name, it does not protect against path traversal (e.g., repoName being ..). Additionally, repoUrl should be validated to ensure it starts with https://. This ensures the subsequent token injection logic works correctly and prevents the URL itself from being used as a flag if it were to start with a hyphen. Using a strict whitelist regex for repoName is a more robust approach.

    // 🛡️ Security: Prevent path traversal and flag injection
    if (!/^[a-zA-Z0-9._-]{1,128}$/.test(repoName) || repoName.includes('..') || repoName.startsWith('-') || !repoUrl.startsWith('https://')) {
      return new Response(JSON.stringify({ error: 'Paramètres invalides (repoUrl doit être HTTPS)' }), { status: 400 });
    }

src/pages/api/github-clone.ts (41-42)

To further harden the command against argument injection, use the -- separator. This explicitly tells git that all following arguments are positional (the repository URL and the destination directory) and should not be interpreted as flags, even if they were to start with a hyphen. This is a critical defense-in-depth measure when passing user-controlled strings to CLI tools.

    // 🛡️ Security: Use execFile and the '--' separator to prevent command and argument injection
    const { stdout, stderr } = await execFileAsync('git', ['clone', '--', authUrl, repoName], { cwd: reposRoot });