fix(bash-guard): deny git verbs hidden in command substitutions#226
Merged
Conversation
Closes the real bypass antfleet flagged in PR #223 (credit to them for the finding): a denied git verb inside $(...) or backticks is expanded by the shell before the wrapping echo/printf runs, so the skeletonizer's strip hid it from the git check. This reworks it correctly where #223's fix could not land: - targets the live source (docker/scripts/bash-guard-hook.sh, COPY'd to /app/scripts/), not a path that doesn't exist; - runs INSIDE the ROBOCO_GUARD_SKIP_GIT guard, so on grok it stays the native --deny's job and never hard-cancels the run (#223 ran it unconditionally); - excludes single-quoted strings and heredoc bodies (literal / data, matching the skeletonizer), so a README documenting git verbs isn't a false positive; - fails closed (a non-sentinel / python failure denies). 44 bash-guard tests pass (5 new: dollar/backtick/double-quoted substitution deny, single-quoted literal allow, grok-skip allow).
github-actions
Bot
added
tests
|
Thanks for opening your first pull request on RoboCo! Quick checklist before review (most of these are enforced by CI, but worth a glance):
See CONTRIBUTING.md for the full workflow and the Code of Conduct for the community standards we follow. Welcome aboard — a maintainer will review shortly. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes the command-substitution bypass that antfleet-ops flagged in #223 — credit to them for the finding. A denied git verb inside
$(...)or backticks is expanded by the shell before the wrappingecho/printfruns, so the skeletonizer's strip hid it from the git check.This supersedes #223, whose submitted fix could not land as-is:
ROBOCO_GUARD_SKIP_GIT=1for graceful--deny) it wouldexit 2and hard-cancel the run;$(git …)was a false positive;This rework:
ROBOCO_GUARD_SKIP_GITguard, so on Grok it stays the native--deny's job (never a run-cancelling deny);44 bash-guard tests pass (5 new: dollar / backtick / double-quoted substitution deny, single-quoted literal allow, Grok-skip allow).
Once this merges, #223 should be closed with a link here.