fix: avoid shell=True where possible to prevent RCE via shell injection#5378
Open
Sarthak816 wants to merge 4 commits into
Conversation
Fixes Aider-AI#5307 - on OpenBSD and other platforms without pre-built wheels, tree-sitter-c-sharp builds from source. Versions 0.23.1-0.23.4 do not bundle the tree_sitter/parser.h header, causing the C compiler to fail with 'fatal error: tree_sitter/parser.h not found'. Updated tree-sitter-c-sharp to 0.23.5, which includes the necessary headers for source builds.

Changes:
- requirements.txt: 0.23.1 -> 0.23.5
- requirements/common-constraints.txt: 0.23.1 -> 0.23.5
- requirements/tree-sitter.in: added tree-sitter-c-sharp>=0.23.5 constraint with explanatory comment
Fixes Aider-AI#5358 - adds type annotations to all public functions across 4 core modules:
- aider/main.py: ~20 functions typed (entry points, argument parsing, git setup)
- aider/commands.py: ~45 methods typed (all user-facing / commands + helpers)
- aider/io.py: ~25 methods typed (InputOutput class + helpers)
- aider/models.py: ~40 methods typed (ModelInfoManager, Model class, module-level functions)

Key implementation decisions:
- Added `from __future__ import annotations` to all files for forward reference support
- Used Optional, Union, Any, Callable, TextIO from typing as appropriate
- NoRuntime for functions that always raise exceptions (Sys.exit, SwitchCoder)
- Used None return type for functions that sometimes return and sometimes raise
Fixes Aider-AI#5376 - Aider was silently bypassing pre-commit hooks by applying --no-verify to all git commits. This is a security risk for projects relying on pre-commit hooks for SAST scanning, secret detection, and code formatting. Changed the default of --git-commit-verify from False to True in aider/args.py, so pre-commit hooks are now honored by default. Users who need to bypass hooks can explicitly opt in with --no-git-commit-verify.
Fixes Aider-AI#5375 - Remote Code Execution via unescaped cmd parameter with shell=True

Changes:
1. aider/run_cmd.py:
   - Added _has_shell_operators() helper that detects shell metacharacters outside of quoted strings
   - Modified run_cmd_subprocess to prefer list-based subprocess execution (shell=False) for commands without shell operators
   - Falls back to shell=True only for commands containing pipes, redirects, chaining, or other shell features
2. aider/commands.py:
   - Modified cmd_git() to use shlex.split() + list-based subprocess.run with shell=False
   - Git commands don't need shell features, so shell=True was unnecessary
Fixes #5375 - Remote Code Execution via unescaped cmd parameter with shell=True
This PR addresses the RCE concern by avoiding `shell=True` where possible, falling back only for commands that genuinely need shell interpretation.

Changes:

1. `aider/run_cmd.py`
   - Added `_has_shell_operators()` helper that detects shell metacharacters (`|`, `&`, `;`, `$`, `` ` ``, `()`, `&&`, `||`, `>>`, `<<`) outside of quoted strings using regex
   - Modified `run_cmd_subprocess()` to:
     - use `shlex.split()` to build a list and execute with `shell=False`
     - if `shlex.split()` fails: fall back to `shell=True`
2. `aider/commands.py`
   - Modified `cmd_git()` to use `shlex.split()` + list-based `subprocess.run()` with `shell=False`
   - `shell=True` was unnecessary

Security impact:
- `/git` command no longer passes through the shell at all
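The following is an added example, not code from this PR or from aider, showing the two routing rules the PR description and the commit message for #5375 lay out: a quote-aware check for shell operators, an argv list run with `shell=False` when none are found, a `shell=True` fallback otherwise, and a `/git`-style path that never touches the shell. The helper names (`has_shell_operators`, `plan_command`, `run_cmd`, `git_argv`), the regex, and the sample command strings are assumptions made for the illustration; the operator list is the one given in the PR description, with single `<`/`>` added for redirects.

```python
"""Added example (not aider's code): route a command string either to an argv
list run with shell=False or, only when it contains shell operators, to the
shell. Helper names, regex and sample inputs are assumptions for illustration."""
import re
import shlex
import subprocess
import sys
from typing import List, Optional, Tuple

# Operators that need /bin/sh: chaining, pipes, redirects, substitution.
# Our own regex over the operator list in the PR description (plus < and >).
_SHELL_OPERATORS = re.compile(r"\|\||&&|>>|<<|[|&;$`()<>]")


def _strip_quoted(cmd: str) -> Optional[str]:
    """Blank out quoted substrings and backslash-escaped characters so that
    metacharacters inside them are not counted as operators. Returns None on
    an unterminated quote (shlex.split() raises ValueError on the same input)."""
    out: List[str] = []
    i, n = 0, len(cmd)
    while i < n:
        c = cmd[i]
        if c == "\\":            # escaped char is literal to the shell: skip both
            out.append(" ")
            i += 2
        elif c == "'":           # single quotes: no escapes inside
            j = cmd.find("'", i + 1)
            if j == -1:
                return None
            out.append(" ")
            i = j + 1
        elif c == '"':           # double quotes: \" does not close the string
            i += 1
            while i < n and cmd[i] != '"':
                i += 2 if cmd[i] == "\\" else 1
            if i >= n:
                return None
            out.append(" ")
            i += 1
        else:
            out.append(c)
            i += 1
    return "".join(out)


def has_shell_operators(cmd: str) -> bool:
    """True if the command needs shell interpretation (or cannot be parsed)."""
    stripped = _strip_quoted(cmd)
    if stripped is None:
        return True  # unbalanced quotes: conservative, same fallback as the PR
    return _SHELL_OPERATORS.search(stripped) is not None


def plan_command(cmd: str) -> Tuple[str, object]:
    """Return ("list", argv) for shell-free commands, else ("shell", cmd).
    An attacker-influenced string such as "notes.txt; id" still takes the
    shell path: the classifier narrows exposure, it does not remove it."""
    if has_shell_operators(cmd):
        return ("shell", cmd)
    try:
        argv = shlex.split(cmd)
    except ValueError:
        return ("shell", cmd)
    if not argv:
        return ("shell", cmd)
    return ("list", argv)


def run_cmd(cmd: str) -> Tuple[int, str]:
    """Execute according to plan_command(); returns (exit code, output)."""
    mode, payload = plan_command(cmd)
    if mode == "list":
        proc = subprocess.run(payload, capture_output=True, text=True)
    else:
        proc = subprocess.run(payload, shell=True, capture_output=True, text=True)
    return proc.returncode, proc.stdout + proc.stderr


def git_argv(args: str) -> List[str]:
    """The /git-style path: always an argv list, never a shell. Operators in
    `args` become literal arguments that git rejects, not shell syntax."""
    return ["git"] + shlex.split(args)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real session.
    for cmd in ("git log --oneline -5", 'grep "a|b" notes.txt',
                "cat notes.txt | wc -l", "echo $HOME", "cat notes.txt; id"):
        print(f"{cmd!r:32} -> {plan_command(cmd)}")
    print(git_argv("status; rm -rf /"))
    print(run_cmd(f'{shlex.quote(sys.executable)} -c "print(2 + 3)"'))
```

Two things worth checking against this routing. First, `git_argv("status; rm -rf /")` yields `["git", "status;", "rm", "-rf", "/"]`, so git sees a bogus subcommand and nothing else is executed; that is the property the "no longer passes through the shell at all" line relies on. Second, `$` and backticks inside double quotes are stripped before the check, so `echo "$(id)"` is run with `shell=False` and prints the literal text rather than expanding it: a behaviour change for users who relied on expansion, not an injection, and the price of not handing such strings to the shell.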