fix: remove shell usage from plugin check#1367
Conversation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR updates the plugin-structure GitHub Actions workflow to eliminate shell execution when scanning plugin directories for symlinks, mitigating command-injection risk from malicious plugin names in PRs.
Changes:
- Replaces the
findshell invocation with a JavaScript filesystem walk to detect symlinks. - Keeps the existing “materialized files” checks for
agents/commands/skillssubdirectories intact.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/check-plugin-structure.yml | Removes shell-based symlink detection and replaces it with an in-process directory traversal to avoid command injection. |
Copilot's findings
- Files reviewed: 1/1 changed files
- Comments generated: 2
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR hardens the check-plugin-structure GitHub Actions workflow by removing a shell-based find invocation and replacing it with a Node.js filesystem walk to detect symlinks, addressing a potential command-injection vector from untrusted plugin directory names in PRs.
Changes:
- Removed
child_process.execSyncusage in the workflow’s symlink detection logic. - Added a
findSymlinks()filesystem traversal usingreaddirSync+lstatSyncto identify symlinks without invoking a shell. - Updated symlink error reporting and added error handling for directory/entry inspection failures.
Show a summary per file
| File | Description |
|---|---|
.github/workflows/check-plugin-structure.yml |
Replaces shell-based symlink scanning with a Node-based directory walk to eliminate command injection risk. |
Copilot's findings
- Files reviewed: 1/1 changed files
- Comments generated: 1
| if (symlinkPaths.length > 0) { | ||
| const formattedPaths = symlinkPaths.map(filePath => `\`${filePath}\``).join(', '); | ||
| errors.push(`${pluginPath} contains symlinks: ${formattedPaths}`); |
There was a problem hiding this comment.
formattedPaths wraps user-controlled filesystem names in Markdown inline code without escaping. A crafted symlink filename containing backticks/newlines (or @mentions) can break formatting and potentially inject unwanted Markdown into the PR review body. Consider escaping Markdown special characters in filePath (at least backticks/newlines) or rendering the symlink list inside a fenced code block with safe escaping.
Summary
Context
This addresses the command injection reported in github/next#264 by removing the interpolated shell invocation entirely.