🛡️ Sentinel: [CRITICAL] Fix command injection in docker logs API#29
🛡️ Sentinel: [CRITICAL] Fix command injection in docker logs API#29bobdivx wants to merge 1 commit into
Conversation
- Replaced vulnerable `execSync` with `execFile` from `child_process` - Passed parameters `tail` and `containerId` via arguments array to prevent shell injection - Validated inputs to ensure `containerId` doesn't start with a hyphen (flag injection) - Parsed and sanitized `tail` to ensure it is a positive integer or fallback to '100' - Sanitized error message returned to the client to avoid leaking sensitive internal stack trace info - Documented findings in `.jules/sentinel.md` - Tests and checks pass Co-authored-by: bobdivx <6737167+bobdivx@users.noreply.github.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
👋 Jules, reporting for duty! I'm here to lend a hand with this pull request. When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down. I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job! For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with New to Jules? Learn more at jules.google/docs. For security, I will only act on instructions from the user who triggered this task. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request addresses a critical command injection vulnerability in the docker-logs API by replacing execSync with execFile and using argument arrays. It also introduces validation for the containerId to prevent flag injection and sanitizes error messages to avoid leaking system details. Feedback was provided to cap the tail parameter to a maximum value to prevent potential resource exhaustion or buffer overflows.
| const tailParsed = parseInt(tailRaw, 10); | ||
| const tailStr = isNaN(tailParsed) || tailParsed < 0 ? '100' : tailParsed.toString(); |
There was a problem hiding this comment.
The tail parameter is parsed but not capped. An excessively large value could lead to high memory usage or cause the execFile buffer to overflow (the default limit is 1MB). Enforcing a maximum limit improves API stability and prevents potential resource exhaustion.
| const tailParsed = parseInt(tailRaw, 10); | |
| const tailStr = isNaN(tailParsed) || tailParsed < 0 ? '100' : tailParsed.toString(); | |
| const tailParsed = parseInt(tailRaw, 10); | |
| const tailStr = isNaN(tailParsed) || tailParsed < 0 ? '100' : Math.min(tailParsed, 1000).toString(); |
1 participant
🚨 Severity: CRITICAL
💡 Vulnerability: Command injection where unsanitized user query parameters (
idandtail) were directly concatenated into a shell command (docker logs --tail ${tail} ${containerId}) and executed usingexecSync.🎯 Impact: Attackers could inject arbitrary bash commands using
&,;, or|operators to execute malicious code on the host machine.🔧 Fix: Used
execFilewrapped withutil.promisifyto executedockerdirectly, avoiding the bash shell, passing arguments as an array. Added flag injection checks and error sanitization.✅ Verification: Ensure tests pass and the logs endpoint correctly fetches standard docker logs while discarding injected commands.
PR created automatically by Jules for task 10186215259954644985 started by @bobdivx