Skip to content

fix(init): harden install command execution#1045

Merged
betegon merged 17 commits into
mainfrom
fix/init-command-tool-safety
Jun 5, 2026
Merged

fix(init): harden install command execution#1045
betegon merged 17 commits into
mainfrom
fix/init-command-tool-safety

Conversation

@betegon

@betegon betegon commented Jun 1, 2026

Copy link
Copy Markdown
Member

Summary

Hardens the local sentry init command runner for install recovery. Windows now only uses shell execution for resolved .cmd/.bat shims, while regular .exe commands stay shell-free. The validator also blocks recursive Sentry setup variants and Windows shell expansion characters without adding a package-manager allowlist.

Test Plan

  • pnpm exec vitest run test/lib/init/tools/run-commands.test.ts test/lib/init/tools/run-commands-spawn.mocked.test.ts
  • pnpm exec biome check --no-errors-on-unmatched src/lib/init/tools/command-utils.ts src/lib/init/tools/run-commands.ts test/lib/init/tools/run-commands.test.ts test/lib/init/tools/run-commands-spawn.mocked.test.ts
  • pnpm run generate:schema && pnpm run test:changed — 89 files passed, 2056 tests passed, 7 skipped

@github-actions

github-actions Bot commented Jun 1, 2026
edited
Loading

Copy link
Copy Markdown
Contributor
PR Preview Action v1.8.1

QR code for preview link

🚀 View preview at
https://cli.sentry.dev/_preview/pr-1045/

Built to branch gh-pages at 2026-06-05 17:02 UTC.
Preview will be ready when the GitHub Pages deployment is complete.

@github-actions

github-actions Bot commented Jun 1, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Codecov Results 📊

✅ Patch coverage is 100.00%. Project has 4831 uncovered lines.
✅ Project coverage is 81.52%. Comparing base (base) to head (head).

Files with missing lines (1)
File Patch % Lines
src/lib/init/tools/command-utils.ts 100.00% ⚠️ 1 partials
Coverage diff 
@@            Coverage Diff             @@
##          main       #PR       +/-##
==========================================
+ Coverage    81.44%    81.52%    +0.08%
==========================================
  Files          373       373         —
  Lines        26090     26141       +51
  Branches     17015     17052       +37
==========================================
+ Hits         21248     21310       +62
- Misses        4842      4831       -11
- Partials      1769      1770        +1

Generated by Codecov Action

sentry-warden[bot]
sentry-warden Bot reviewed Jun 1, 2026
View reviewed changes

@sentry-warden sentry-warden Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BLOCKED_EXECUTABLES can be bypassed on Windows via cmd.exe or powershell.exe indirection (src/lib/init/tools/command-utils.ts:65)

Windows shell interpreters cmd, powershell, and pwsh are absent from BLOCKED_EXECUTABLES, so a command like cmd.exe /c del sensitive_file passes all validation: no shell metacharacter, first token normalizes to "cmd" which is not blocked, and the del token is never checked against the blocklist because only the first token is validated.

Evidence
  • validateCommand calls normalizeExecutableName(firstToken) and checks only that against BLOCKED_EXECUTABLES (line 307-308).
  • normalizeExecutableName("cmd.exe") strips the .exe extension and returns "cmd", which is not present in BLOCKED_EXECUTABLES.
  • Tokens like del, curl, wget, bash appear at positions >0 and are never checked, so cmd.exe /c del secrets.txt or powershell.exe -Command Invoke-WebRequest http://evil.com pass validation and are executed by spawn with shell: false in runSingleCommand.
  • cd, pushd, popd were just added to the blocklist in this hunk, confirming the intent to block indirect shell builtins, but cmd/powershell/pwsh were not added.

Identified by Warden security-review

sentry-warden[bot]
sentry-warden Bot reviewed Jun 1, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts
@betegon

betegon commented Jun 1, 2026

Copy link
Copy Markdown
Member Author

Fixed the Windows shell-interpreter bypass in 56e1237a by blocking cmd, powershell, and pwsh after executable normalization. Added validation regressions for cmd.exe, path-prefixed cmd.exe, powershell.exe, and pwsh.

sentry-warden[bot]
sentry-warden Bot reviewed Jun 1, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts Outdated
@betegon betegon marked this pull request as ready for review June 1, 2026 19:35
sentry-warden[bot]
sentry-warden Bot reviewed Jun 1, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts Outdated
Comment thread src/lib/init/tools/run-commands.ts Outdated
sentry[bot]
sentry Bot reviewed Jun 1, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts Outdated
sentry[bot]
sentry Bot reviewed Jun 1, 2026
View reviewed changes
Comment thread src/lib/init/tools/run-commands.ts
sentry[bot]
sentry Bot reviewed Jun 1, 2026
View reviewed changes
Comment thread src/lib/init/tools/run-commands.ts
cursor[bot]
cursor Bot reviewed Jun 1, 2026
View reviewed changes
Comment thread src/lib/init/tools/run-commands.ts
sentry-warden[bot]
sentry-warden Bot reviewed Jun 1, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts Outdated
Comment thread src/lib/init/tools/command-utils.ts
cursor[bot]
cursor Bot reviewed Jun 1, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts Outdated
sentry[bot]
sentry Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread src/lib/init/tools/run-commands.ts
cursor[bot]
cursor Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts Outdated
sentry[bot]
sentry Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts Outdated
Comment thread src/lib/init/tools/run-commands.ts
cursor[bot]
cursor Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts Outdated
sentry-warden[bot]
sentry-warden Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts Outdated
Comment thread src/lib/init/tools/command-utils.ts
Comment thread src/lib/init/tools/run-commands.ts
cursor[bot]
cursor Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts Outdated
Comment thread src/lib/init/tools/command-utils.ts Outdated
Comment thread src/lib/init/tools/command-utils.ts Outdated
sentry-warden[bot]
sentry-warden Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts
cursor[bot]
cursor Bot reviewed Jun 5, 2026
View reviewed changes

@cursor cursor Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 79496a6. Configure here.

Comment thread src/lib/init/tools/command-utils.ts Outdated
sentry[bot]
sentry Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread src/lib/init/tools/run-commands.ts
sentry[bot]
sentry Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts Outdated
sentry-warden[bot]
sentry-warden Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts
sentry-warden[bot]
sentry-warden Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts Outdated
sentry-warden[bot]
sentry-warden Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread src/lib/init/tools/run-commands.ts
sentry-warden[bot]
sentry-warden Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts Outdated
sentry[bot]
sentry Bot reviewed Jun 5, 2026
View reviewed changes
Comment thread src/lib/init/tools/command-utils.ts
@betegon betegon merged commit 329f5c5 into main Jun 5, 2026
29 checks passed
@betegon betegon deleted the fix/init-command-tool-safety branch June 5, 2026 17:12
@sentry-release-bot sentry-release-bot Bot mentioned this pull request Jun 8, 2026
Closed
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sentry sentry[bot] sentry[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

@sentry-warden sentry-warden[bot] sentry-warden[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@betegon