Prevent ssh command injection

spoorcc · spoorcc · commit aee67c28d792 · 2026-04-20T20:24:27.000Z
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -14,6 +14,7 @@ Release 0.14.0 (unreleased)
 * Fix "unsafe symlink target" error for archives containing relative ``..`` symlinks (#1122)
 * Fix ``dfetch add`` crashing with a ``ValueError`` when the remote URL has a trailing slash (#1137)
 * Fix arbitrary file write via malicious tar/zip symlink (#0)
+* Prevent ssh command injection (#0)
 
 Release 0.13.0 (released 2026-03-30)
 ====================================
diff --git a/dfetch/vcs/git.py b/dfetch/vcs/git.py
@@ -29,12 +29,27 @@
 logger = get_logger(__name__)
 
 
+_SHELL_METACHAR_RE = re.compile(r"[;&|`$(){}<>\n\r!]")
+
+
+def _sanitize_ssh_cmd(ssh_cmd: str, source: str) -> str | None:
+    """Return *ssh_cmd* if it is safe to use, otherwise log a warning and return None."""
+    if _SHELL_METACHAR_RE.search(ssh_cmd):
+        logger.warning(
+            "Ignoring %s: contains unsafe shell characters, falling back to 'ssh'",
+            source,
+        )
+        return None
+    return ssh_cmd
+
+
 def _build_git_ssh_command() -> str:
     """Returns a safe SSH command string for Git that enforces non-interactive mode.
 
     Respects existing GIT_SSH_COMMAND and git core.sshCommand.
     """
-    ssh_cmd = os.environ.get("GIT_SSH_COMMAND")
+    raw = os.environ.get("GIT_SSH_COMMAND")
+    ssh_cmd = _sanitize_ssh_cmd(raw, "GIT_SSH_COMMAND") if raw else None
 
     if not ssh_cmd:
 
@@ -43,7 +58,10 @@ def _build_git_ssh_command() -> str:
                 logger,
                 ["git", "config", "--get", "core.sshCommand"],
             )
-            ssh_cmd = result.stdout.decode().strip()
+            raw_config = result.stdout.decode().strip()
+            ssh_cmd = (
+                _sanitize_ssh_cmd(raw_config, "core.sshCommand") if raw_config else None
+            )
 
         except SubprocessCommandError:
             ssh_cmd = None
diff --git a/tests/test_git_vcs.py b/tests/test_git_vcs.py
@@ -225,6 +225,30 @@ def test_ls_remote():
             None,
             "ssh -o BatchMode=yes",
         ),
+        (
+            "injection via semicolon in env var",
+            "ssh; rm -rf /",
+            None,
+            "ssh -o BatchMode=yes",
+        ),
+        (
+            "injection via pipe in env var",
+            "ssh | evil",
+            None,
+            "ssh -o BatchMode=yes",
+        ),
+        (
+            "injection via subshell in git config",
+            None,
+            "$(evil_cmd)",
+            "ssh -o BatchMode=yes",
+        ),
+        (
+            "injection via backtick in env var",
+            "ssh `evil`",
+            None,
+            "ssh -o BatchMode=yes",
+        ),
     ],
 )
 def test_build_git_ssh_command(name, env_ssh, git_config_ssh, expected):
