🛡️ Sentinel: [CRITICAL] Fix command injection in github-clone api

[bobdivx]

🚨 Severity: CRITICAL
💡 Vulnerability: The /api/github-clone endpoint used exec() with interpolated repoUrl and repoName parameters without sufficient sanitization. Additionally, errors thrown by command execution failures automatically concatenate arguments (such as the githubToken) to the error.message, which was then being returned verbatim to clients.
🎯 Impact: An attacker could execute arbitrary OS commands on the server by supplying malicious repoUrl or repoName payload inputs. Alternatively, an attacker could attempt failing clones and read the server response to extract the instance's private GitHub Token.
🔧 Fix: Refactored the command execution to use execFile, verified that parameters do not start with hyphens to stop argument injection, and strictly sanitized the error text to redact tokens matching oauth2:***@.
✅ Verification: Ran test suite which passed, ran codebase checks which passed.

---

PR created automatically by Jules for task 3081547663990760482 started by @bobdivx

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
forge	Ready	Preview, Comment	May 11, 2026 5:26pm

[gemini-code-assist]

Code Review

This pull request enhances the security of the GitHub cloning process by transitioning from exec to execFile, implementing checks against argument injection, and sanitizing error messages to prevent the leakage of sensitive tokens. Additionally, documentation was added to the sentinel log regarding these vulnerabilities. Feedback was provided regarding a potential path traversal vulnerability in the repoName parameter, suggesting the use of a strict regular expression to validate directory names and prevent unauthorized file system access.

[gemini-code-assist]

While checking for leading hyphens prevents argument injection, repoName is also used to construct a file path at line 29 and passed as a directory name to git clone at line 40. An attacker could provide a path like ../../some/path to perform a path traversal attack, potentially writing files outside the intended reposRoot. It is recommended to strictly validate repoName using a regular expression that only allows safe characters (alphanumeric, dots, underscores, and hyphens) and limits its length, similar to the isSafeRepoDirName utility defined in src/lib/forge-repos.ts.

Suggested change

	if (String(repoUrl).trim().startsWith('-') || String(repoName).trim().startsWith('-')) {
	return new Response(JSON.stringify({ error: 'Paramètres invalides (injection suspectée)' }), { status: 400 });
	}
	const safeNameRegex = /^[a-zA-Z0-9._-]{1,128}$/;
	if (!safeNameRegex.test(repoName) || String(repoUrl).trim().startsWith('-')) {
	return new Response(JSON.stringify({ error: 'Paramètres invalides (nom de dépôt non sûr ou injection suspectée)' }), { status: 400 });
	}