Skip to content

πŸ›‘οΈ Sentinel: [HIGH] Fix Terminal Injection via ANSI OSC sequences with ST terminator #157

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
hongymagic wants to merge 2 commits into
base: main
Choose a base branch
from
Open

πŸ›‘οΈ Sentinel: [HIGH] Fix Terminal Injection via ANSI OSC sequences with ST terminator #157

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
51f8c71
πŸ›‘οΈ Sentinel: [HIGH] Fix Terminal Injection via ANSI OSC sequences wit…
google-labs-jules[bot] May 11, 2026
caa11d6
πŸ›‘οΈ Sentinel: [HIGH] Fix Terminal Injection via ANSI OSC sequences wit…
google-labs-jules[bot] May 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .jules/sentinel.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,3 +39,7 @@
**Vulnerability:** The `filterSensitiveFields` function in `src/providers/index.ts` used a manual recursive loop to drop sensitive keys, but it failed to recurse into arrays. If a configuration object contained an array with sensitive nested objects, those secrets would be leaked in debug logs.
**Learning:** Manual object traversal for redaction is prone to edge cases (like arrays or circular references).
**Prevention:** Use a custom replacer function with `JSON.stringify` to safely and completely redact sensitive fields across all nested structures.
## 2026-05-11 - Terminal Injection via ANSI OSC ST sequences
**Vulnerability:** ANSI_REGEX in `src/ansi.ts` failed to match OSC sequences terminated with the String Terminator (ST, `\u001B\\`), leaving them unstripped. `sanitizeForTerminal` then translated `\x1B` to the literal string `\x1B`, meaning the payload was bypassed entirely and printed to the terminal.
**Learning:** Standard library `ansi-regex` packages and implementations often omit or poorly handle the String Terminator (ST) sequence, assuming OSCs only end in `\x07` (BEL).
Comment on lines +43 to +44
**Prevention:** When stripping ANSI escapes, ensure OSC (Operating System Command) regexes explicitly capture the String Terminator `(?:\u0007|\u001B\\)` to completely sanitize potentially malicious sequences like terminal hyperlinks.
2 changes: 1 addition & 1 deletion src/ansi.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
// eslint-disable-next-line no-control-regex
const ANSI_REGEX = new RegExp(
[
"[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)",
"[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]+)*|[a-zA-Z\\d]+(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?(?:\\u0007|\\u001B\\\\))",
"(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-nq-uy=><~]))",
].join("|"),
"g",
Expand Down
6 changes: 6 additions & 0 deletions tests/ansi_security.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,12 @@ describe("sanitizeForClipboard", () => {
expect(sanitizeForClipboard(input)).toBe("Red Text");
});

test("strips ANSI OSC sequences with String Terminator (ST)", () => {
const input =
"\u001b]8;;http://malicious.com\u001b\\Malicious Link\u001b]8;;\u001b\\";
expect(sanitizeForClipboard(input)).toBe("Malicious Link");
});

test("preserves tab and newline; normalises CRLF to LF", () => {
expect(sanitizeForClipboard("Line 1\n\tIndented\r\nLine 2")).toBe(
"Line 1\n\tIndented\nLine 2",
Expand Down