From 72c55f3862f606e6362566ada38eee1fe3d693cf Mon Sep 17 00:00:00 2001
From: haseeb-heaven <11544739+haseeb-heaven@users.noreply.github.com>
Date: Thu, 18 Jun 2026 12:14:58 +0000
Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[CRITICAL]?= =?UTF-8?q?=20Fix=20command=20injection=20in=20file=20opening?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replaced `subprocess.call` with `os.startfile` when opening natively on Windows to prevent arbitrary command injection.
---
 .jules/sentinel.md | 4 ++++
 libs/utility_manager.py | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 .jules/sentinel.md

diff --git a/.jules/sentinel.md b/.jules/sentinel.md
new file mode 100644
index 0000000..a5e7e4c
--- /dev/null
+++ b/.jules/sentinel.md
@@ -0,0 +1,4 @@
+## 2024-06-18 - Prevent Command Injection via os.startfile on Windows
+**Vulnerability:** Command injection vulnerability via `subprocess.call(['start', filename], shell=True)` in `_open_resource_file`.
+**Learning:** Windows filenames can legally contain shell metacharacters like `&` and `^`. An `os.path.isfile()` check is insufficient to prevent command injection if `shell=True` is used.
+**Prevention:** Prefer using `os.startfile(filename)` over `subprocess.call` with `shell=True` when opening files natively on Windows.
diff --git a/libs/utility_manager.py b/libs/utility_manager.py
index e62d1a5..95de28f 100644
--- a/libs/utility_manager.py
+++ b/libs/utility_manager.py
@@ -43,7 +43,7 @@ def _open_resource_file(self, filename):
 try:
 if os.path.isfile(filename):
 if platform.system() == "Windows":
- subprocess.call(['start', filename], shell=True)
+ os.startfile(filename)
 elif platform.system() == "Darwin":
 subprocess.call(['open', filename])
 elif platform.system() == "Linux":
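Review bot: `os.startfile(filename)` on the Windows branch removes the cmd.exe parsing, but it still hands the path to the shell's default "open" action, so a file whose association is executable (`.bat`, `.cmd`, `.exe`, `.lnk`, script-host types) is run rather than displayed. If `filename` can originate outside the application, which the hunk does not show, the branch should compare the extension against an allow-list of the resource types this tool actually produces before opening, for example `if os.path.splitext(filename)[1].lower() in ALLOWED_EXTS: os.startfile(filename)`, where `ALLOWED_EXTS` is a placeholder for the project's own list. `os.startfile` raises `OSError` when the file type has no association; the handler for the enclosing `try:` lies outside the hunk, so confirm it catches that and reports it. The body of `_open_resource_file` starts and ends outside the hunk.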