fix(execute-command): throw on unresolved block refs, block env var override

waleedlatif1 · claude · waleedlatif1 · commit 3d0b07b55511 · 2026-03-05T13:47:24.000-08:00
- Throw a clear error when a block reference cannot be resolved instead
  of leaving raw &lt;blockName.output&gt; in the command (which the shell
  interprets as I/O redirection). Skip special prefixes (variable, loop,
  parallel) which are handled by their own collectors.

- Filter user-supplied env vars to prevent overriding safe base env keys
  (PATH, HOME, SHELL, etc.) and block process-influencing variables
  (LD_PRELOAD, BASH_ENV, DYLD_INSERT_LIBRARIES, etc.).

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/apps/sim/app/api/tools/execute-command/run/route.ts b/apps/sim/app/api/tools/execute-command/run/route.ts
@@ -4,7 +4,7 @@ import { type NextRequest, NextResponse } from 'next/server'
 import { checkInternalAuth } from '@/lib/auth/hybrid'
 import { isExecuteCommandEnabled } from '@/lib/core/config/feature-flags'
 import { generateRequestId } from '@/lib/core/utils/request'
-import { normalizeName, REFERENCE } from '@/executor/constants'
+import { normalizeName, REFERENCE, SPECIAL_REFERENCE_PREFIXES } from '@/executor/constants'
 import { type OutputSchema, resolveBlockReference } from '@/executor/utils/block-reference'
 import {
   createEnvVarPattern,
@@ -35,6 +35,31 @@ function getSafeBaseEnv(): NodeJS.ProcessEnv {
   return env
 }
 
+const BLOCKED_ENV_KEYS = new Set([
+  ...SAFE_ENV_KEYS,
+  'NODE_ENV',
+  'LD_PRELOAD',
+  'LD_LIBRARY_PATH',
+  'DYLD_INSERT_LIBRARIES',
+  'BASH_ENV',
+  'ENV',
+])
+
+/**
+ * Filters user-supplied env vars to prevent overriding safe base env
+ * and injecting process-influencing variables.
+ */
+function filterUserEnv(env?: Record<string, string>): Record<string, string> {
+  if (!env) return {}
+  const filtered: Record<string, string> = {}
+  for (const [key, value] of Object.entries(env)) {
+    if (!BLOCKED_ENV_KEYS.has(key)) {
+      filtered[key] = value
+    }
+  }
+  return filtered
+}
+
 interface Replacement {
   index: number
   length: number
@@ -135,6 +160,12 @@ function collectTagReplacements(
     })
 
     if (!result) {
+      const isSpecialPrefix = SPECIAL_REFERENCE_PREFIXES.some((prefix) => blockName === prefix)
+      if (!isSpecialPrefix) {
+        throw new Error(
+          `Block reference "<${tagName}>" could not be resolved. Check that the block name and field path are correct.`
+        )
+      }
       continue
     }
 
@@ -207,7 +238,7 @@ function executeCommand(
         timeout: options.timeout,
         cwd: options.cwd || undefined,
         maxBuffer: MAX_BUFFER,
-        env: { ...getSafeBaseEnv(), ...options.env },
+        env: { ...getSafeBaseEnv(), ...filterUserEnv(options.env) },
       },
       (error, stdout, stderr) => {
         if (error) {
