From e722359e874b5c3469ac3720edb6151b560705b1 Mon Sep 17 00:00:00 2001
From: haseeb-heaven <11544739+haseeb-heaven@users.noreply.github.com>
Date: Sat, 4 Jul 2026 12:12:23 +0000
Subject: [PATCH] Fix command injection in utility manager file opener Replaced `subprocess.call(['start', filename], shell=True)` with secure `os.startfile(filename)` when opening files on Windows to prevent command injection vulnerabilities. Added Sentinel learning journal entry.
---
 .jules/sentinel.md | 4 ++++
 libs/utility_manager.py | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 .jules/sentinel.md
diff --git a/.jules/sentinel.md b/.jules/sentinel.md
new file mode 100644
index 0000000..0081571
--- /dev/null
+++ b/.jules/sentinel.md
@@ -0,0 +1,4 @@
+## 2025-03-05 - Windows Command Injection via subprocess.call
+**Vulnerability:** Command Injection vulnerability exists when using `subprocess.call(['start', filename], shell=True)` because `shell=True` on Windows allows attackers to execute arbitrary shell commands if the filename contains shell metacharacters (e.g. `&` or `^`), even if it passes `os.path.isfile()`.
+**Learning:** Checking if a file exists (`os.path.isfile()`) is insufficient to prevent command injection on Windows when `shell=True` is used, because legal Windows filenames can contain metacharacters that the shell interprets.
+**Prevention:** Always prefer `os.startfile(filename)` over `subprocess.call` with `shell=True` for opening files on Windows.
diff --git a/libs/utility_manager.py b/libs/utility_manager.py
index e62d1a5..95de28f 100644
--- a/libs/utility_manager.py
+++ b/libs/utility_manager.py
@@ -43,7 +43,7 @@ def _open_resource_file(self, filename):
 try:
 if os.path.isfile(filename):
 if platform.system() == "Windows":
- subprocess.call(['start', filename], shell=True)
+ os.startfile(filename)
 elif platform.system() == "Darwin":
 subprocess.call(['open', filename])
 elif platform.system() == "Linux":
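Review bot: `os.startfile(filename)` in the Windows branch removes the cmd.exe parsing, but it still hands the path to the file-association handler, so a path with an executable or script extension is launched rather than displayed. Whether `filename` can be influenced by untrusted input is not visible in this hunk; if it can, check it before the call, for example `if os.path.splitext(filename)[1].lower() not in ALLOWED_RESOURCE_EXTS: return` (`ALLOWED_RESOURCE_EXTS` is a placeholder for an allowlist the project would define), or confine the path to the expected resource directory. A comment such as `# os.startfile: no shell parsing, but opens by file association` would record why this call was chosen and what it does not cover. The unchanged Darwin branch passes `filename` straight to `open`, so a relative name beginning with `-` could be read as an option there; passing `os.path.abspath(filename)` avoids that. The body of `_open_resource_file` starts and ends outside the hunk, so how an `OSError` from `os.startfile` is handled cannot be checked here.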