diff --git a/.jules/sentinel.md b/.jules/sentinel.md new file mode 100644 index 0000000..b607ea5 --- /dev/null +++ b/.jules/sentinel.md @@ -0,0 +1,4 @@ +## 2024-05-30 - Command Injection in Windows File Launch +**Vulnerability:** \`subprocess.call(['start', filename], shell=True)\` was used to open files on Windows, allowing arbitrary command execution if the filename contained shell metacharacters like \`&\` or \`^\`. +**Learning:** \`os.path.isfile()\` verification is insufficient to prevent command injection because Windows filenames can legally contain shell metacharacters. +**Prevention:** Use \`os.startfile()\` which executes the file natively without invoking \`cmd.exe\`. diff --git a/libs/utility_manager.py b/libs/utility_manager.py index e62d1a5..feb227c 100644 --- a/libs/utility_manager.py +++ b/libs/utility_manager.py @@ -43,7 +43,8 @@ def _open_resource_file(self, filename): try: if os.path.isfile(filename): if platform.system() == "Windows": - subprocess.call(['start', filename], shell=True) + # 🛡️ Sentinel: Prevent command injection by avoiding shell=True for file execution + os.startfile(filename) elif platform.system() == "Darwin": subprocess.call(['open', filename]) elif platform.system() == "Linux":