diff --git a/.jules/sentinel.md b/.jules/sentinel.md
new file mode 100644
index 0000000..2a8b467
--- /dev/null
+++ b/.jules/sentinel.md
@@ -0,0 +1,4 @@
+## 2024-03-25 - Prevent Command Injection with Direct Binary Execution in Process
+**Vulnerability:** Execution of external commands using shell wrappers (e.g., `/bin/bash -c "docker system prune -f 2>&1"`) within `Process` objects.
+**Learning:** Shell wrappers expose the application to command injection vulnerabilities if user input or environmental variables are inadvertently included in the command string. Furthermore, features like shell redirection (`2>&1`) can be replicated safely without a shell wrapper.
+**Prevention:** Avoid shell wrappers (`/bin/bash -c`). Execute binaries directly using `Process` with explicitly defined arguments (e.g., `executableURL = URL(fileURLWithPath: "/usr/bin/env")` and `arguments = ["docker", "system", "prune", "-f"]`). Securely replicate shell redirection by assigning the same `Pipe()` instance to both `process.standardOutput` and `process.standardError`.
diff --git a/Sources/Cacheout/ViewModels/CacheoutViewModel.swift b/Sources/Cacheout/ViewModels/CacheoutViewModel.swift
index 13a9811..f1b5ee9 100644
--- a/Sources/Cacheout/ViewModels/CacheoutViewModel.swift
+++ b/Sources/Cacheout/ViewModels/CacheoutViewModel.swift
@@ -231,8 +231,11 @@ class CacheoutViewModel: ObservableObject {
 let process = Process()
 let pipe = Pipe()
- process.executableURL = URL(fileURLWithPath: "/bin/bash")
- process.arguments = ["-c", "docker system prune -f 2>&1"]
+ // Use direct binary execution to mitigate command injection risks.
+ // Replacing '/bin/bash -c "..." 2>&1' with direct '/usr/bin/env' invocation.
+ // Stderr redirection is handled securely by sharing the pipe.
+ process.executableURL = URL(fileURLWithPath: "/usr/bin/env")
+ process.arguments = ["docker", "system", "prune", "-f"]
 process.standardOutput = pipe
 process.standardError = pipe
 process.environment = [
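Review bot: `/usr/bin/env` still looks `docker` up on `PATH`, so which binary runs is decided by the `PATH` entry in the `process.environment` dictionary that opens on the hunk's last line, whose contents are not visible here. The old string was a constant with no interpolated input, so the practical gain of this change is dropping the shell; the remaining trust decision is that lookup, and the new comment should say so, e.g. `// env resolves docker via PATH; the PATH set below must list only trusted, non-user-writable directories`. If that PATH can include user-writable directories, consider resolving the executable from a fixed list of known install locations and passing the absolute path as `executableURL` instead. The enclosing method starts and ends outside the hunk.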