🛡️ Sentinel: [CRITICAL] Fix command injection in github clone API

[bobdivx]

🚨 Severity: CRITICAL
💡 Vulnerability: Command injection and argument injection in src/pages/api/github-clone.ts due to use of exec with unsanitized user inputs.
🎯 Impact: Remote Code Execution (RCE). A malicious user could supply a crafted repoName (e.g. ; rm -rf /;) to execute arbitrary shell commands on the server.
🔧 Fix: Replaced exec with execFile to bypass the shell and pass arguments safely in an array. Also added checks to prevent input strings starting with a hyphen (-) to avoid flag injection.
✅ Verification: Run pnpm test, pnpm run check, and pnpm build to verify tests pass and no regression is introduced.

---

PR created automatically by Jules for task 14589236271835371679 started by @bobdivx

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
forge	Ready	Preview, Comment	May 7, 2026 5:46pm

[gemini-code-assist]

Code Review

This pull request addresses a command injection vulnerability in the github-clone.ts API by replacing exec with execFile, implementing type checks, and preventing argument injection. Documentation of the vulnerability was also added to a sentinel file. Feedback highlights that repoName validation should be strengthened to prevent path traversal and that error handling for the clone command must be improved to avoid leaking the GitHub token in the response.

[gemini-code-assist]

Validating only the leading hyphen is insufficient for repoName. Since this value is used as a directory name in path.join and passed to git clone, it should be strictly validated to prevent path traversal (e.g., ..) and ensure it doesn't contain path separators. This prevents a malicious user from cloning a repository into an arbitrary location on the server.

Suggested change

	if (repoUrl.trim().startsWith('-') || repoName.trim().startsWith('-')) {
	if (repoUrl.trim().startsWith('-') || repoName.trim().startsWith('-') || repoName.includes('..') || repoName.includes('/') || repoName.includes('\\')) {

[gemini-code-assist]

The authUrl contains the sensitive githubToken. When execFilePromise fails (e.g., due to an invalid URL or network error), the error object's message property typically includes the full command line with all arguments. This error message is then returned directly to the client in the catch block at line 66, leaking the token. You should catch the error here and throw a generic one to ensure the token is never exposed.

Suggested change

	const { stdout, stderr } = await execFilePromise('git', ['clone', authUrl, repoName], { cwd: reposRoot });
	const { stdout, stderr } = await execFilePromise('git', ['clone', authUrl, repoName], { cwd: reposRoot }).catch(() => {
	throw new Error('Erreur lors du clonage du dépôt. Veuillez vérifier l\'URL et vos accès.');
	});