From 25e260bb3a00102590a09d8e0b3758e3b7647fd1 Mon Sep 17 00:00:00 2001
From: Leon
Date: Thu, 26 Feb 2026 19:04:32 +0700
Subject: [PATCH] fix(security): prevent shell injection in sudo password piping

The sudo password was embedded in shell commands via single-quote interpolation: echo '{password}' | sudo -S If the password contained shell metacharacters (single quotes, $(), backticks), they would be interpreted by the shell, enabling arbitrary command execution. Fix: use shlex.quote() which properly escapes all shell-special characters, ensuring the password is always treated as a literal string argument to echo.
---
 tools/terminal_tool.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/tools/terminal_tool.py b/tools/terminal_tool.py
index 8af8c9d2fe..b2cfa6030e 100644
--- a/tools/terminal_tool.py
+++ b/tools/terminal_tool.py
@@ -319,7 +319,9 @@ def _transform_sudo_command(command: str) -> str:
 # Replace 'sudo' with password-piped version
 # The -S flag makes sudo read password from stdin
 # The -p '' suppresses the password prompt
- return f"echo '{sudo_password}' | sudo -S -p ''"
+ # Use shlex.quote() to prevent shell injection via password content
+ import shlex
+ return f"echo {shlex.quote(sudo_password)} | sudo -S -p ''"
 # Match 'sudo' at word boundaries (not 'visudo' or 'sudoers')
 # This handles: sudo, sudo -flag, etc.
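Review bot: On the new `return` line, `shlex.quote()` stops the shell from parsing the password, but `echo` still interprets its own argument: a password that begins with `-n` or `-e`, or one containing backslash sequences under a shell whose `echo` expands them, would reach sudo altered. A fixed-format `printf` avoids that: `return f"printf '%s\\n' {shlex.quote(sudo_password)} | sudo -S -p ''"`. The password also still travels inside the command string, so it may show up in the shell's argv and in any command logging done outside this hunk; writing it to the child's stdin instead would keep it off the command line, if the execution path allows that. The function-local `import shlex` would conventionally sit with the module-level imports. `_transform_sudo_command` starts and ends outside the hunk.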