From 4dbd137a30855d99ac9b04c4011fe270bcdf8a51 Mon Sep 17 00:00:00 2001 From: Jayant Kamble Date: Sat, 27 Jun 2026 11:22:47 +0530 Subject: [PATCH] fix(ssh): reject control characters in ssh_add_host_key inputs ssh_add_host_key writes the host/key_type/key into the line-oriented known_hosts file. Add a field validator on host/key/key_type that rejects ASCII control characters so a value with an embedded newline cannot inject additional known_hosts entries. --- .../action_providers/ssh/schemas.py | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/python/coinbase-agentkit/coinbase_agentkit/action_providers/ssh/schemas.py b/python/coinbase-agentkit/coinbase_agentkit/action_providers/ssh/schemas.py index 7a7e55efb..41d3e66da 100644 --- a/python/coinbase-agentkit/coinbase_agentkit/action_providers/ssh/schemas.py +++ b/python/coinbase-agentkit/coinbase_agentkit/action_providers/ssh/schemas.py @@ -6,7 +6,7 @@ @module ssh/schemas """ -from pydantic import BaseModel, Field +from pydantic import BaseModel, Field, field_validator from .connection import SSHConnectionParams @@ -87,3 +87,17 @@ class AddHostKeySchema(BaseModel): default="~/.ssh/known_hosts", description="Path to the known_hosts file", ) + + @field_validator("host", "key", "key_type") + @classmethod + def _reject_control_characters(cls, value: str) -> str: + r"""Reject ASCII control characters (newline, CR, NUL, etc.). + + ``ssh_add_host_key`` writes ``f"{host} {key_type} {key}\n"`` to the + line-oriented ``known_hosts`` file, so an embedded newline in any of + these fields would inject additional entries. Keeping them free of + control characters ensures each call writes a single, well-formed line. + """ + if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value): + raise ValueError("must not contain control characters (e.g. newlines)") + return value