diff --git a/.jules/sentinel.md b/.jules/sentinel.md new file mode 100644 index 0000000..8e6b540 --- /dev/null +++ b/.jules/sentinel.md @@ -0,0 +1,4 @@ +## 2024-07-03 - Windows File Launch Command Injection +**Vulnerability:** `subprocess.call(['start', filename], shell=True)` was used to open files on Windows, creating a command injection risk even with `os.path.isfile()` checks, as legal filenames can contain shell metacharacters (`&`, `^`). +**Learning:** Using `shell=True` with `start` on user-controlled or external paths is inherently unsafe on Windows because the shell parses metacharacters before the application opens the file. +**Prevention:** Always use `os.startfile(filename)` for opening files natively on Windows, bypassing the shell entirely. diff --git a/libs/utility_manager.py b/libs/utility_manager.py index e62d1a5..95de28f 100644 --- a/libs/utility_manager.py +++ b/libs/utility_manager.py @@ -43,7 +43,7 @@ def _open_resource_file(self, filename): try: if os.path.isfile(filename): if platform.system() == "Windows": - subprocess.call(['start', filename], shell=True) + os.startfile(filename) elif platform.system() == "Darwin": subprocess.call(['open', filename]) elif platform.system() == "Linux":