Skip to content

fix: add path traversal sanitization to plugin namespaces in setup.sh (t305)#1188

Merged
marcusquinn merged 1 commit intomainfrom
feature/t305
Feb 12, 2026
Merged

fix: add path traversal sanitization to plugin namespaces in setup.sh (t305)#1188
marcusquinn merged 1 commit intomainfrom
feature/t305

Conversation

@marcusquinn
Copy link
Owner

@marcusquinn marcusquinn commented Feb 12, 2026
edited
Loading

Summary

  • Add sanitize_plugin_namespace() function to prevent path traversal attacks via malicious plugins.json namespace values
  • Apply sanitization at all 3 plugin namespace usage points: namespace collection, disabled plugin cleanup (rm -rf), and enabled plugin clone path construction
  • Uses basename to strip path components + regex to reject dot-prefixed/empty/whitespace names

Security Fix

A malicious plugins.json could contain namespace values like ../../../etc/passwd which would be used unsanitized in:

  1. rm -rf "$target_dir/$namespace" (disabled plugin cleanup)
  2. git clone ... "$target_dir/$namespace" (enabled plugin deployment)
  3. rsync --exclude=$namespace/ and tar --exclude=$namespace (namespace preservation)

The new sanitize_plugin_namespace() function:

  • Strips all path components via basename (primary defense)
  • Rejects names starting with ., containing .., whitespace, or path separators
  • Rejects empty results

Testing

  • Bash syntax check: PASS
  • ShellCheck (function isolation): PASS (zero violations)
  • Manual test cases: valid names pass, traversal attacks stripped to safe basenames, dot-prefixed/empty/whitespace rejected

Fixes CodeRabbit finding from PR#762.

@gemini-code-assist
Copy link

gemini-code-assist bot commented Feb 12, 2026

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 12, 2026
edited
Loading

Warning

Rate limit exceeded

@marcusquinn has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 23 minutes and 52 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch feature/t305

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@marcusquinn marcusquinn changed the title fix: sanitize plugin namespaces to prevent path traversal (t305) fix: add path traversal sanitization to plugin namespaces in setup.sh (t305) Feb 12, 2026
@github-actions
Copy link

github-actions bot commented Feb 12, 2026

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 15 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Thu Feb 12 02:40:38 UTC 2026: Code review monitoring started
Thu Feb 12 02:40:39 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 15

📈 Current Quality Metrics

  • BUGS: 0
  • CODE SMELLS: 15
  • VULNERABILITIES: 0

Generated on: Thu Feb 12 02:40:41 UTC 2026

Generated by AI DevOps Framework Code Review Monitoring

marcusquinn added a commit that referenced this pull request Feb 12, 2026
@marcusquinn
feat: auto-resolve merge conflicts with escalating strategy (t302)
724ed82 
Add escalating conflict resolution to rebase_sibling_pr():
1. Plain rebase (no conflicts)
2. Rebase with -Xtheirs (feature branch wins on conflicts)
3. AI CLI resolution for complex cases (Strategy 3 fallback)

Also adds:
- resolve_rebase_conflicts() for AI-assisted per-file resolution
- Stale worktree cleanup (abort stuck rebases, fix detached HEAD)
- Temp worktree creation when no worktree exists (avoids dirty tree)
- CONFLICTING added to t298 handler (was only BEHIND/DIRTY)
- Phase 7b: periodic retry of merge-conflict-blocked tasks (30min)

Tested: resolved 4 blocked PRs (#1171, #1187, #1188, #1191) that
were stuck with merge conflicts — all resolved with -Xtheirs.
@marcusquinn marcusquinn mentioned this pull request Feb 12, 2026
Merged
@marcusquinn
fix: add path traversal sanitization to plugin namespaces in setup.sh…
87d4791 
… (t305)

Add sanitize_plugin_namespace() function that uses basename to strip path
components and rejects dot-prefixed, empty, or whitespace-containing names.

Applied at all 3 plugin namespace usage points:
- Namespace collection for preserved dirs (line ~3057)
- Disabled plugin cleanup with rm -rf (line ~3279)
- Enabled plugin clone path construction (line ~3302)

Prevents malicious plugins.json namespace values like '../../../etc/passwd'
from causing path traversal in rm -rf or git clone operations.

Fixes CodeRabbit finding from PR#762.
@marcusquinn marcusquinn merged commit 5895def into main Feb 12, 2026
8 of 9 checks passed
@github-actions
Copy link

github-actions bot commented Feb 12, 2026

🔍 Code Quality Report

�[0;35m[MONITOR]�[0m Code Review Monitoring Report

�[0;34m[INFO]�[0m Latest Quality Status:
SonarCloud: 0 bugs, 0 vulnerabilities, 15 code smells

�[0;34m[INFO]�[0m Recent monitoring activity:
Thu Feb 12 02:47:31 UTC 2026: Code review monitoring started
Thu Feb 12 02:47:31 UTC 2026: SonarCloud - Bugs: 0, Vulnerabilities: 0, Code Smells: 15

📈 Current Quality Metrics

  • BUGS: 0
  • CODE SMELLS: 15
  • VULNERABILITIES: 0

Generated on: Thu Feb 12 02:47:34 UTC 2026

Generated by AI DevOps Framework Code Review Monitoring

marcusquinn added a commit that referenced this pull request Feb 12, 2026
@marcusquinn
feat: auto-resolve merge conflicts with escalating strategy (t302) (#…
7b2f984 
…1203)

Add escalating conflict resolution to rebase_sibling_pr():
1. Plain rebase (no conflicts)
2. Rebase with -Xtheirs (feature branch wins on conflicts)
3. AI CLI resolution for complex cases (Strategy 3 fallback)

Also adds:
- resolve_rebase_conflicts() for AI-assisted per-file resolution
- Stale worktree cleanup (abort stuck rebases, fix detached HEAD)
- Temp worktree creation when no worktree exists (avoids dirty tree)
- CONFLICTING added to t298 handler (was only BEHIND/DIRTY)
- Phase 7b: periodic retry of merge-conflict-blocked tasks (30min)

Tested: resolved 4 blocked PRs (#1171, #1187, #1188, #1191) that
were stuck with merge conflicts — all resolved with -Xtheirs.
@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 12, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@marcusquinn marcusquinn deleted the feature/t305 branch February 12, 2026 02:52
marcusquinn added a commit that referenced this pull request Feb 12, 2026
@marcusquinn
chore: mark t305 complete in TODO.md (#1188)
40a62ca
@github-actions github-actions bot mentioned this pull request Feb 12, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marcusquinn