Fix shell injection vulnerability in LocalRepoTools.search_code()

sng-asyncfunc · sng-asyncfunc · commit 980b4974fc96 · 2026-02-10T15:12:51.000-06:00
- Convert grep command from shell=True string to list-based subprocess call
- Add '--' separator to prevent query from being interpreted as grep flags
- Prevents shell injection attacks via user-provided search queries
- Maintains backward compatibility with regex patterns and special characters
- Verified with test queries including malicious payloads

Agent-Id: agent-fce47f03-d32a-4dda-b056-e23ed5a831f7
diff --git a/npx/python/cli/local_repo_tools.py b/npx/python/cli/local_repo_tools.py
@@ -150,22 +150,25 @@ async def list_directory(self, path: str = "") -> list[dict[str, Any]]:
     
     async def search_code(self, query: str) -> list[dict[str, Any]]:
         """Search for code patterns in the local repo using grep.
-        
+
         Returns paths + fragments. Soft-fails on error (returns []).
         """
         if not query or not query.strip():
             return []
-        
+
         query = query.strip()
-        
-        # Build grep command
-        extensions = " ".join(f"--include='*{ext}'" for ext in SEARCH_EXTENSIONS)
-        cmd = f"grep -rn {extensions} {query} {self.root_path}"
-        
+
+        # Build grep command as list (no shell=True to prevent shell injection)
+        args = ["grep", "-rn"]
+        for ext in SEARCH_EXTENSIONS:
+            args.append(f"--include=*{ext}")
+        args.append("--")  # End of options, prevents query from being interpreted as flag
+        args.append(query)
+        args.append(self.root_path)
+
         try:
             result = subprocess.run(
-                cmd,
-                shell=True,
+                args,
                 capture_output=True,
                 text=True,
                 timeout=10,
@@ -174,10 +177,10 @@ async def search_code(self, query: str) -> list[dict[str, Any]]:
             return []  # Soft fail
         except Exception:
             return []  # Soft fail
-        
+
         if result.returncode != 0:
             return []  # No matches or error
-        
+
         results = []
         for line in result.stdout.splitlines()[:10]:  # Limit to 10 results
             # Parse grep output: path:line:content
@@ -190,7 +193,7 @@ async def search_code(self, query: str) -> list[dict[str, Any]]:
                     "path": rel_path.replace(os.sep, "/"),
                     "fragment": fragment,
                 })
-        
+
         return results
     
     async def close(self):
