Commit 980b497
Fix shell injection vulnerability in LocalRepoTools.search_code()
- Convert grep command from shell=True string to list-based subprocess call
- Add '--' separator to prevent query from being interpreted as grep flags
- Prevents shell injection attacks via user-provided search queries
- Maintains backward compatibility with regex patterns and special characters
- Verified with test queries including malicious payloads
Agent-Id: agent-fce47f03-d32a-4dda-b056-e23ed5a831f7
1 parent 442089f, commit 980b497
1 file changed
Lines changed: 15 additions & 12 deletions
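The pattern the commit message describes (argv list instead of a `shell=True` string, plus a `--` separator), as an added example that is not the project's own code: the actual `LocalRepoTools.search_code()` is not visible on this page, so the function signatures, the `-rn` flags and the constructed sample repository below are assumptions.

```python
import shutil
import subprocess
import tempfile
from pathlib import Path


def build_grep_argv(query: str, repo_path: str) -> list[str]:
    """Build the grep command as an argv list, never a shell string.

    Each element reaches grep as exactly one argument, so shell metacharacters
    in `query` (';', '|', '$(...)', backticks) are ordinary pattern text.  The
    '--' tells grep that everything after it is a pattern or path, so a query
    beginning with '-' cannot be parsed as a grep option.
    """
    return ["grep", "-rn", "--", query, repo_path]


def search_code(query: str, repo_path: str) -> list[str]:
    """Run grep without a shell and return matching 'file:line:text' rows."""
    result = subprocess.run(
        build_grep_argv(query, repo_path),
        capture_output=True,
        text=True,
        shell=False,  # the default; spelled out because the fix hinges on it
    )
    # grep exits 1 when nothing matched; anything higher is a real error.
    if result.returncode > 1:
        raise RuntimeError(result.stderr.strip())
    return result.stdout.splitlines()


def grep_available() -> bool:
    return shutil.which("grep") is not None


def demo() -> dict:
    """Constructed repo with one file; queries that would be risky with shell=True."""
    with tempfile.TemporaryDirectory() as repo:
        Path(repo, "app.py").write_text("# hello; echo x\n-r is a flag\nimport os\n")
        return {
            "meta": search_code("hello; echo x", repo),   # ';' stays literal
            "dash": search_code("-r is a flag", repo),    # '--' keeps it a pattern
            "none": search_code("$(id)", repo),           # never evaluated: no match
        }


if __name__ == "__main__":
    print(demo())
```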
Diff of the single changed file (the line contents were not captured in this rendering; only the line-number map survived): hunk 1 covers original lines 150-171 (original lines 153, 158, 160-164, 167-168 removed; new lines 153, 158, 160-168, 171 added), hunk 2 covers original lines 174-183 (original 177 and 180 replaced by new 180 and 183), hunk 3 covers original lines 190-196 (original 193 replaced by new 196).