Skip to content

fix(core): block $VAR and ${VAR} variable expansion bypass (GHSA-wpqr-6v78-jr5g)#28403

Open
thalha-a9 wants to merge 8 commits into
google-gemini:mainfrom
thalha-a9:fix/variable-expansion-bypass
Open

fix(core): block $VAR and ${VAR} variable expansion bypass (GHSA-wpqr-6v78-jr5g)#28403
thalha-a9 wants to merge 8 commits into
google-gemini:mainfrom
thalha-a9:fix/variable-expansion-bypass

Conversation

@thalha-a9

@thalha-a9 thalha-a9 commented Jul 15, 2026

Copy link
Copy Markdown

Summary

  • Fixes an incomplete check in detectBashSubstitution() and detectPowerShellSubstitution() that allowed variable expansion patterns to bypass the security gate added for GHSA-wpqr-6v78-jr5g
  • Defense-in-depth hardening of gemini-automated-issue-dedup.yml workflow

Fixes #28418

Changes

File What
packages/core/src/utils/shell-utils.ts Block ${VAR} and $VAR in both bash and PowerShell detection, with allowlist for safe automatic variables
packages/core/src/utils/shell-utils.test.ts 120 test cases — dual-platform coverage, safe variable allowlist, edge cases
.github/workflows/gemini-automated-issue-dedup.yml author_association guard + clear GITHUB_TOKEN in sandboxed env

Test plan

  • 120 tests passing (vitest)
  • Pre-commit hooks pass (prettier, eslint)
  • All CI checks green
  • Gemini Code Assist review: "I have no feedback to provide"
  • Single call site (shell.ts:468) verified — no unintended side effects

…titution

The existing detectBashSubstitution() only blocked $() command
substitution and backticks, but allowed $VAR and ${VAR} variable
expansion to pass through undetected. This is a bypass of the
fix for GHSA-wpqr-6v78-jr5g.

An attacker-controlled prompt could instruct the model to run
commands like: echo $GITHUB_TOKEN, echo ${GEMINI_API_KEY}, or
write env vars to GITHUB_ENV — exfiltrating secrets from CI
environments without triggering any security gate.

Changes:
- shell-utils.ts: Extend the $ character check in
  detectBashSubstitution() to also block ${...} (brace
  expansion) and $IDENTIFIER (bare variable names starting
  with [a-zA-Z_]). Harmless special variables ($?, $$,
  $0-$9) remain unblocked.
- shell-utils.test.ts: Add 19 test cases covering blocked
  variable expansion, existing command substitution, safe
  commands, and edge cases (escaped \$, trailing $,
  single-quoted $VAR).
- gemini-automated-issue-dedup.yml: Defense-in-depth
  hardening — add author_association guard on issues:opened
  trigger and clear GITHUB_TOKEN in the Gemini CLI
  environment to prevent token access from within the
  sandboxed execution.
@thalha-a9
thalha-a9 requested review from a team as code owners July 15, 2026 02:11
@gemini-code-assist

Copy link
Copy Markdown
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a security vulnerability (GHSA-wpqr-6v78-jr5g) where the existing shell command validation was insufficient. By only blocking command substitution like $(), it left the system exposed to variable expansion attacks. The changes extend the detection logic to identify and block $VAR and ${VAR} patterns, ensuring that sensitive environment variables cannot be easily exfiltrated through command execution.

Highlights

  • Security Hardening: Updated detectBashSubstitution to block $VAR and ${VAR} variable expansion, preventing potential secret exfiltration via malicious shell commands.
  • Expanded Test Coverage: Added 19 new test cases to shell-utils.test.ts covering various variable expansion scenarios, edge cases, and safe command patterns.
Ignored Files
  • Ignored by pattern: .github/workflows/** (1)
    • .github/workflows/gemini-automated-issue-dedup.yml
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@github-actions github-actions Bot added the size/m A medium sized PR label Jul 15, 2026
@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown

📊 PR Size: size/L

  • Lines changed: 256
  • Additions: +250
  • Deletions: -6
  • Files changed: 3

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates detectBashSubstitution in shell-utils.ts to block variable expansion ($VAR and ${VAR}) and command substitution, and adds corresponding unit tests. The review feedback correctly identifies a critical security gap where detectPowerShellSubstitution (used on Windows) was not updated, leaving Windows environments vulnerable to variable expansion attacks. Additionally, the reviewer suggests expanding the test suite to run these variable expansion checks against both linux and win32 platforms to ensure comprehensive coverage.

Comment thread packages/core/src/utils/shell-utils.ts
Comment thread packages/core/src/utils/shell-utils.test.ts Outdated
@gemini-cli gemini-cli Bot added the status/need-issue Pull requests that need to have an associated issue. label Jul 15, 2026
…form test coverage

detectPowerShellSubstitution() was missed in the original fix, leaving
Windows environments exploitable via $env:VAR and ${env:VAR} syntax.
Also restructures variable-expansion tests to run against both bash
and PowerShell platforms, since the prior tests only exercised the
bash path due to a global platform stub — which is why this gap
wasn't caught initially.

- shell-utils.ts: extend detectPowerShellSubstitution() to block
  ${...} and $IDENTIFIER, mirroring the bash fix
- shell-utils.test.ts: dual-platform assertions for shared cases,
  new PowerShell-specific $env:/${env:} test cases, vi.stubEnv/
  unstubAllEnvs for ComSpec isolation (matches existing file
  convention)
@thalha-a9

Copy link
Copy Markdown
Author

/gemini review

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request enhances shell utility functions to detect and block command substitutions and variable expansions in both Bash and PowerShell environments, accompanied by comprehensive unit tests. The review feedback correctly identifies that overly restrictive blocking of variables starting with letters or underscores will cause false positives by blocking harmless automatic variables and constants (such as $_ in Bash, and $true, $false, $null, and $_ in PowerShell). It is recommended to apply the provided code suggestions to explicitly allow these safe, built-in variables.

Comment thread packages/core/src/utils/shell-utils.ts
Comment thread packages/core/src/utils/shell-utils.ts
…detection

Addresses reviewer feedback that blocking all $IDENTIFIER patterns
over-blocks harmless automatic variables. After capturing the full
variable name, check against an explicit allowlist before blocking:

- Bash: $_ (last argument) allowed; $_SECRET, $_1 etc. still blocked
- PowerShell: $true, $false, $null, $args, $_ allowed; $trueVar,
  $_FOO, $TOKEN etc. still blocked

Adds 13 test cases confirming exact-match semantics — partial matches
like $nullify or $_SECRET are correctly blocked.
@thalha-a9

Copy link
Copy Markdown
Author

/gemini review

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces the detectCommandSubstitution utility to detect and block unsafe command substitutions and variable expansions in bash and PowerShell, while permitting safe automatic variables. The review feedback correctly points out that PowerShell automatic variables are case-insensitive, meaning the current case-sensitive check will incorrectly block mixed-case or uppercase variables like $True. It is recommended to normalize the variable name to lowercase before checking and to add corresponding test cases to verify this behavior.

Comment thread packages/core/src/utils/shell-utils.ts Outdated
Comment thread packages/core/src/utils/shell-utils.test.ts
…riables

PowerShell automatic variables ($True, $FALSE, $Null, $ARGS) are
case-insensitive. Normalize varName to lowercase before checking
against the allowlist so mixed-case variants are not incorrectly
blocked. Adds 5 additional test cases for mixed/uppercase variants.
…nstants

Move BASH_SAFE_VARS, PS_SAFE_VARS, and VAR_NAME_RE out of the hot
path so they are not re-created on every $ character encountered.
Adds one test for $_ followed by a space (word-boundary correctness).
@github-actions github-actions Bot added the size/l A large sized PR label Jul 15, 2026
@thalha-a9

Copy link
Copy Markdown
Author

/gemini review

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request enhances the command substitution detection logic in shell-utils.ts by blocking variable expansions (such as ${VAR} and $VAR) for both Bash and PowerShell, while allowing a predefined set of safe automatic variables. It also adds comprehensive unit tests to verify these rules. The feedback highlights a critical vulnerability bypass in the PowerShell detection where scope-qualified variables (e.g., $true:SECRET) could bypass the block because the prefix matches a safe variable. Suggestions are provided to fix this bypass in the implementation and to add a corresponding test case.

Comment thread packages/core/src/utils/shell-utils.ts
Comment thread packages/core/src/utils/shell-utils.test.ts
thalha-a9 and others added 2 commits July 15, 2026 21:08
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@thalha-a9

Copy link
Copy Markdown
Author

/gemini review

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request enhances the detectCommandSubstitution utility in packages/core/src/utils/shell-utils.ts to block variable expansions and subexpressions for both Bash and PowerShell environments, while permitting a defined set of safe automatic variables (such as $_, $true, $false, $null, and $args). Comprehensive unit tests have been added in packages/core/src/utils/shell-utils.test.ts to verify these detection rules across different platforms. I have no feedback to provide.

@thalha-a9

Copy link
Copy Markdown
Author

@gemini-code-assist How long will it take to get merged?

@gemini-code-assist

Copy link
Copy Markdown
Contributor

I am an automated assistant and do not have visibility into the repository's internal merge process or the schedules of the maintainers. The timeline for merging depends on the project's review workflow, CI status, and maintainer availability. I recommend checking the repository's CONTRIBUTING.md file or reaching out to the project maintainers directly if you have questions about the status of your pull request.

@gemini-code-assist

Copy link
Copy Markdown
Contributor

I am an automated assistant and do not have access to the repository's team roster or contact information for specific maintainers. To identify the maintainers for this project, I recommend the following steps:

  • Check the CODEOWNERS file: Look for a file named CODEOWNERS in the root of the repository or the .github/ directory. This file often lists the individuals or teams responsible for reviewing and merging changes.
  • Review recent PR activity: Check the "Pull requests" tab and look at recently merged PRs to see which individuals are actively reviewing and merging code.
  • Check the CONTRIBUTING.md file: This file often contains information on how to reach out to the maintainers or the preferred communication channels for the project.
  • View the "People" tab: You can check the repository's main page on GitHub and look at the "Contributors" or "People" section to see who has administrative or write access to the repository.

@thalha-a9

Copy link
Copy Markdown
Author

@gemini-code-assist can i tag maintainers?

@gemini-code-assist

Copy link
Copy Markdown
Contributor

Yes, you can tag maintainers in a comment if you have a specific question or if the pull request has been pending for a significant amount of time. However, it is generally best practice to check the CODEOWNERS file or the project's CONTRIBUTING.md file first to see if there are specific instructions on how to request a review or contact maintainers. Please be mindful of their time and avoid excessive tagging.

@thalha-a9

Copy link
Copy Markdown
Author

Hello @kschaab, @SandyTao520, and @gundermanc,

Could a maintainer kindly approve the CI workflow run for this pull request?

This patch resolves the GHSA-wpqr-6v78-jr5g security bypass and introduces 120 regression tests to ensure platform stability. As I am an external contributor, the automated checks require manual approval to proceed.

Thank you for your time and assistance.

@thalha-a9

Copy link
Copy Markdown
Author

/gemini review once so that it is ready.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request enhances shell command substitution detection in packages/core/src/utils/shell-utils.ts by blocking variable expansions (such as ${VAR} and $VAR) for both bash and PowerShell, while allowing a set of safe automatic variables. Comprehensive unit tests have been added to validate these changes. The review feedback suggests optimizing the variable name extraction logic by using a sticky regular expression (/y flag) and setting lastIndex instead of slicing the command string inside loops, which prevents potential performance issues and CPU exhaustion on large inputs.

Comment thread packages/core/src/utils/shell-utils.ts Outdated
Comment thread packages/core/src/utils/shell-utils.ts
Comment thread packages/core/src/utils/shell-utils.ts
@thalha-a9

Copy link
Copy Markdown
Author

/gemini review once more and check if everything is ready to be merged.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request enhances the detectCommandSubstitution utility in packages/core/src/utils/shell-utils.ts to block variable expansions (such as $VAR and ${VAR}) and command substitutions on both Bash and PowerShell, while allowing a set of predefined safe automatic variables (e.g., $_, $true, $false, $null, $args). It also adds comprehensive unit tests in packages/core/src/utils/shell-utils.test.ts to validate these changes across different platforms. There are no review comments to address, and I have no additional feedback to provide.

…e detection

Replace `command.slice(i + 1).match(VAR_NAME_RE)` with sticky regex
(`/y` flag) and `VAR_NAME_RE.exec(command)` in both bash and PowerShell
variable expansion detection. This avoids creating a new substring on
every `$` character encountered, reducing worst-case complexity from
O(N²) to O(N).
@thalha-a9
thalha-a9 force-pushed the fix/variable-expansion-bypass branch from 5fa3104 to a3b06ef Compare July 18, 2026 16:16
@thalha-a9

Copy link
Copy Markdown
Author

/gemini review so that it is ready

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request enhances the detectCommandSubstitution utility in packages/core/src/utils/shell-utils.ts to block variable expansions (such as $VAR and ${VAR}) for both Bash and PowerShell, while allowing a set of safe automatic variables (e.g., $_ for Bash, and $true, $false, $null, $args, $_ for PowerShell). Comprehensive unit tests have been added in packages/core/src/utils/shell-utils.test.ts to verify these changes across different platforms. There are no review comments to address, and I have no additional feedback to provide.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/security Issues related to security priority/p1 Important and should be addressed in the near term. size/l A large sized PR size/m A medium sized PR

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Security: $VAR/${VAR} variable expansion bypass in detectBashSubstitution and detectPowerShellSubstitution (GHSA-wpqr-6v78-jr5g)

1 participant