harden sandbox escape vectors for bash disabled/restricted modes (#257)

* harden sandbox escape vectors for bash disabled/restricted modes

block git config injection (-c flag as subcommand), dangerous subcommands
(config, submodule, rebase, bisect), code-executing arg flags (--exec,
--extcmd), .gitattributes/.gitmodules writes, and package lifecycle scripts.
add retry logic to test runner for transient failures. add security unit
tests and adhoc attack tests.

Co-authored-by: Cursor <cursoragent@cursor.com>

* only filter subcommands in nobash, remove nobash from ui

* use regex matching

* iterate on tests

* simplify githooks

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
David Blass
2026-02-11 02:02:41 +00:00
committed by pullfrog[bot]
parent f37d02b292
commit bc28c658f2
32 changed files with 2515 additions and 1048 deletions
+6 -1
View File
@@ -24,8 +24,13 @@ export interface UnknownLanguagePrepResult extends PrepResultBase {
export type PrepResult = NodePrepResult | PythonPrepResult | UnknownLanguagePrepResult;
export type PrepOptions = {
/** when true, lifecycle scripts (postinstall, etc.) are suppressed */
ignoreScripts: boolean;
};
export interface PrepDefinition {
name: string;
shouldRun: () => Promise<boolean> | boolean;
run: () => Promise<PrepResult>;
run: (options: PrepOptions) => Promise<PrepResult>;
}