fix(ssh): reject control characters in ssh_add_host_key inputs#1347
Open
jayantkamble10000 wants to merge 1 commit into
Open
fix(ssh): reject control characters in ssh_add_host_key inputs#1347jayantkamble10000 wants to merge 1 commit into
jayantkamble10000 wants to merge 1 commit into
Conversation
🟡 Heimdall Review Status
|
ssh_add_host_key writes the host/key_type/key into the line-oriented known_hosts file. Add a field validator on host/key/key_type that rejects ASCII control characters so a value with an embedded newline cannot inject additional known_hosts entries.
jayantkamble10000
force-pushed
the
fix/ssh-add-host-key-validation
branch
from
241cc89 to
4dbd137
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
The
ssh_add_host_keyaction builds aknown_hostsline from the host, key_type, and key fields and writes it to the line-oriented known_hosts file. Thehost,key, andkey_typefields onAddHostKeySchemaare only length-validated, so a value containing a newline can write more than one line intoknown_hosts.Why
known_hostsis line-oriented; an embedded newline in any of these fields breaks the one-entry-per-line invariant and lets a single call add extra entries. Rejecting control characters keeps each call to a single, well-formed entry.Change
python/coinbase-agentkit/coinbase_agentkit/action_providers/ssh/schemas.py— add afield_validatoronhost,key, andkey_typeinAddHostKeySchemathat rejects ASCII control characters (newline, CR, NUL, etc.).