A
b0f924b511
fix: Prevent Python/shell injection via env vars and triple-quote strings ( #102 )
...
- Fix triple-quote injection in SSH keys (Scaleway, UpCloud), userdata
(BinaryLane), init scripts (Civo, Kamatera), and GraphQL queries
(RunPod) by passing data via stdin/json_escape instead of inline
string interpolation
- Add input validation for all cloud provider env vars (region, type,
plan, etc.) using validate_region_name/validate_resource_name to block
shell metacharacters before they reach Python string interpolation
- Validate Modal image name as Python identifier to prevent code injection
- Validate numeric env vars (RAM, GPU count, disk size) across all providers
Affects: 19 cloud provider lib/common.sh files
Agent: security-auditor
Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-09 10:22:39 -08:00
LAB
d76c8dba0f
Security: fix critical command injection vulnerabilities in container providers ( #54 )
...
* refactor: Simplify API call retry logic in generic_cloud_api
Extract duplicated retry handling into focused helper functions:
- handle_api_network_error(): Handles curl errors with retry logic
- handle_api_transient_error(): Handles 429/503 HTTP errors
- _call_cloud_api(): Internal curl wrapper separating concerns
Reduces cyclomatic complexity of generic_cloud_api from 9 to 3.
Lines reduced from 89 to 54 (40% reduction).
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* Security: fix critical command injection vulnerabilities in container providers
CRITICAL SECURITY FIX - Command injection vulnerabilities
Fixed command injection in bash -c calls across all container/sandbox providers.
These functions were passing commands directly to bash -c without proper escaping,
allowing potential remote code execution via crafted inputs.
Files fixed:
- sprite/lib/common.sh: run_sprite(), upload_file_sprite()
- e2b/lib/common.sh: run_server(), upload_file(), interactive_session()
- daytona/lib/common.sh: run_server(), upload_file(), interactive_session()
- railway/lib/common.sh: run_server(), upload_file(), interactive_session()
Fix: Use printf %q to properly escape all command arguments before passing to bash -c.
This prevents command injection while maintaining functionality.
Severity: CRITICAL (CVSS 9.8)
Impact: Remote code execution, full system compromise
Mitigation: Proper shell escaping using printf %q
All modified files pass bash -n syntax validation.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---------
Co-authored-by: Sprite <noreply@sprite.dev>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-08 12:00:43 -08:00
Sprite
e3dcad797d
Add Daytona cloud provider with all 12 agent scripts
...
Daytona is a sandbox platform (daytona.io) with sub-90ms creation and
true SSH support. Uses CLI-based approach similar to E2B: daytona create,
daytona exec, daytona ssh for interactive sessions.
- daytona/lib/common.sh: provider library with auth, create, exec, upload
(base64-over-exec), interactive (daytona ssh), destroy
- 12 agent scripts: claude, openclaw, nanoclaw, aider, goose, codex,
interpreter, gemini, amazonq, cline, gptme, opencode
- manifest.json: cloud entry + 12 matrix entries
- README: Daytona column added to matrix table
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-02-08 05:18:38 +00:00
