security: base64-encode cmd in _sprite_exec to prevent injection (#2803)

Apply the same base64 encoding mitigation used by all other cloud drivers (aws, hetzner, digitalocean, gcp). The command is encoded locally, validated for safe characters, then decoded and executed on the remote side via `base64 -d | bash`. Fixes #2800 Agent: security-auditor Co-authored-by: B <6723574+louisgv@users.noreply.github.com> Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-29 20:39:29 +00:00 · 2026-03-19 13:19:07 -07:00 · 2026-03-19 13:19:07 -07:00 · 8d76ad90d3
commit 8d76ad90d3
parent 1d0349cc23
1 changed files with 15 additions and 3 deletions
--- a/sh/e2e/lib/clouds/sprite.sh
+++ b/sh/e2e/lib/clouds/sprite.sh
@ -193,11 +193,23 @@ _sprite_exec() {
  local _stderr_tmp
  _stderr_tmp=$(mktemp /tmp/sprite-exec-err.XXXXXX) || return 1

+  # Base64-encode the command to prevent shell injection when passed to the
+  # remote bash. The encoded string contains only [A-Za-z0-9+/=] characters,
+  # making it safe to pipe through the sprite CLI exec interface.
+  local encoded_cmd
+  encoded_cmd=$(printf '%s' "${cmd}" | base64 | tr -d '\n')
+
+  # Validate base64 output contains only safe characters (defense-in-depth).
+  if ! printf '%s' "${encoded_cmd}" | grep -qE '^[A-Za-z0-9+/=]+$'; then
+    rm -f "${_stderr_tmp}"
+    return 1
+  fi
+
  while [ "${_attempt}" -lt "${_max}" ]; do
    _sprite_fix_config
-    # Pipe the command via stdin to avoid interpolating it into the remote
-    # command string — eliminates shell injection risk.
-    printf '%s' "${cmd}" | _sprite_cmd exec -s "${app}" -- bash 2>"${_stderr_tmp}"
+    # Decode and execute on the remote side — the encoded payload is safe
+    # against shell metacharacters (;, |, $(), backticks).
+    printf '%s' "${encoded_cmd}" | _sprite_cmd exec -s "${app}" -- bash -c 'base64 -d | bash' 2>"${_stderr_tmp}"
    local _rc=$?
    if [ "${_rc}" -eq 0 ]; then
      rm -f "${_stderr_tmp}"