You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
_split_into_legs does not parse substitution nesting, so the operator inside $()/backticks splits the command into legs that separate the subcommand from its flag — per-leg literal arms match neither leg, and the form goes ungated. Whole-command matching caught these by accident of .* span.
whole-command matching — re-creates the cross-leg over-block (cardinal-sin direction under the honest-mistake charter) that the four per-leg conversions exist to cure;
substitution-aware leg parsing — a shell-parser re-architecture requiring its own RFC-grade risk analysis; a per-carrier denylist patch would be the known enumeration anti-pattern (structurally uncompletable).
Threat model: the merge-guard defends against honest mistakes; an honest agent does not carry a destructive flag past an operator hidden inside a substitution. Severity LOW by the control's own model.
What this issue is for
Audit-trail documentation so future security reviews do not re-litigate the class family-by-family. If a substitution-aware substrate is ever proposed, it must carry a bidirectional certification (no new over-block on ANY faithful single-command click — the PRIMARY inviolable gate — plus the no-new-under-block sweep) across all four families at once.
Surfaced and attributed by the blind security review of PR #1102 (SE-1, LOW).
Disposition record — accepted residual, all four per-leg families
Class: shell-substitution/backtick carriers holding a leg operator between a git subcommand and its dangerous flag, e.g.:
_split_into_legsdoes not parse substitution nesting, so the operator inside$()/backticks splits the command into legs that separate the subcommand from its flag — per-leg literal arms match neither leg, and the form goes ungated. Whole-command matching caught these by accident of.*span.Why this is accepted, not fixed
What this issue is for
Audit-trail documentation so future security reviews do not re-litigate the class family-by-family. If a substitution-aware substrate is ever proposed, it must carry a bidirectional certification (no new over-block on ANY faithful single-command click — the PRIMARY inviolable gate — plus the no-new-under-block sweep) across all four families at once.
Surfaced and attributed by the blind security review of PR #1102 (SE-1, LOW).