
security: add env var poisoning rule, update CVE tracker to 50 #121

Merged
cyyever merged 1 commit into main from security/env-var-poisoning
Mar 20, 2026

Conversation

@cyyever (Collaborator) commented Mar 20, 2026

Summary

New locked rule: detect-env-var-poisoning

  • Blocks export/typeset/declare/readonly of 20 security-sensitive env vars
  • PERL5OPT, LD_PRELOAD, NODE_OPTIONS, BASH_ENV, PYTHONWARNINGS, GIT_SSH_COMMAND, PROMPT_COMMAND, etc.
  • Defends against CVE-2026-22708 (Cursor Auto-Run bypass via env var poisoning)

CVE tracker: 45 → 50 (38 full, 4 partial, 8 not defensible)

| CVE | Product | CVSS | Defense |
| --- | --- | --- | --- |
| CVE-2026-25725 | Claude Code | 7.7 | Full — protect-agent-config |
| CVE-2026-22708 | Cursor | 8.6 | Full — new detect-env-var-poisoning rule |
| CVE-2026-21523 | Copilot/VS Code | 8.0 | None — IDE-internal TOCTOU |
| CVE-2026-26118 | Azure MCP Server | 8.8 | None — server-side SSRF |
| CVE-2026-4270 | AWS MCP Server | 6.3 | Partial — DLP catches secrets |

10 new CVE regression tests (8 blocked env vars + legitimate vars allowed + sandbox escape)

Test plan

  • All new CVE tests pass with -race
  • All pre-commit hooks pass (rule lint, rule coverage, doc consistency, security tests, go test)
  • Legitimate env var usage (PATH, HOME, GOPATH) is not blocked
  • Doc consistency: README "34 security rules (31 locked)", CVE tracker "50", cli.md updated

New rule: detect-env-var-poisoning (locked)
- Blocks export/typeset/declare of security-sensitive env vars
  (PERL5OPT, LD_PRELOAD, NODE_OPTIONS, BASH_ENV, etc.)
- Defends against CVE-2026-22708 (Cursor Auto-Run bypass)

CVE tracker: 45 → 50 (38 full, 4 partial, 8 not defensible)
- CVE-2026-25725: Claude Code sandbox escape — Full
- CVE-2026-22708: Cursor env var poisoning — Full (new rule)
- CVE-2026-21523: Copilot TOCTOU — Not defensible
- CVE-2026-26118: Azure MCP SSRF — Not defensible
- CVE-2026-4270: AWS MCP path traversal — Partial

10 new CVE regression tests.
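What the new rule has to do, as an added example in Go that is not the project's code: crust's rule engine is not used, only the seven of the 20 variables that the PR summary names are listed, and the function and type names are assumptions. The check walks a shell command string and reports every export/declare/typeset/readonly of a sensitive variable. It goes beyond the PR's description in two ways: it also flags the per-command prefix form (`LD_PRELOAD=/tmp/x.so cmd`) and `env VAR=... cmd`, and it applies shell quote removal before matching, so `export "LD_PRE"LOAD=x` and `export LD_PR\ELOAD=x` are reported as LD_PRELOAD instead of slipping past a plain substring match.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Variables named in the PR summary; the rule's other 13 are not on the page (example code, not the rule file).
var sensitiveEnvVars = map[string]bool{
	"LD_PRELOAD": true, "PERL5OPT": true, "NODE_OPTIONS": true, "PYTHONWARNINGS": true,
	"BASH_ENV": true, "PROMPT_COMMAND": true, "GIT_SSH_COMMAND": true,
}

// Builtins (plus env) whose operands name variables; "prefix" covers VAR=x cmd.
var exporters = map[string]bool{"export": true, "declare": true, "typeset": true, "readonly": true, "env": true}

// wordRe matches NAME, NAME=value or NAME+=value; (?s) lets the value span newlines.
var wordRe = regexp.MustCompile(`(?s)^([A-Za-z_]\w*)(\+?=.*)?$`)

// Finding is one blocked assignment: the variable and the form it came through.
type Finding struct{ Var, Via string }

// tokenize splits a command line into simple commands, each a list of words after quote
// removal (so "LD_PRE"LOAD=x and LD_PR\ELOAD=x both yield LD_PRELOAD=x). $(...) and
// backticks are not expanded: a known gap of this example.
func tokenize(s string) (segs [][]string) {
	var seg []string
	var cur strings.Builder
	flush := func(endCmd bool) { // end the current word and, if endCmd, the simple command
		if cur.Len() > 0 {
			seg = append(seg, cur.String())
			cur.Reset()
		}
		if endCmd && len(seg) > 0 {
			segs = append(segs, seg)
			seg = nil
		}
	}
	for i := 0; i < len(s); i++ {
		switch c := s[i]; {
		case c == '\\' && i+1 < len(s): // escaped character is literal
			i++
			cur.WriteByte(s[i])
		case c == '\'' || c == '"': // copy quoted text, drop the quotes
			for i++; i < len(s) && s[i] != c; i++ {
				if c == '"' && s[i] == '\\' && i+1 < len(s) {
					i++
				}
				cur.WriteByte(s[i])
			}
		case strings.IndexByte(" \t\n;|&", c) >= 0: // word ends; all but blanks end the command too
			flush(c != ' ' && c != '\t') // && and || (and 2>&1) just add an empty command
		default:
			cur.WriteByte(c)
		}
	}
	flush(true)
	return segs
}

// varName returns the variable a word names and whether the word assigns to it.
func varName(w string) (name string, assigns bool) {
	m := append(wordRe.FindStringSubmatch(w), "", "", "") // nil (a non-word such as -x) pads to "", "", ""
	return m[1], m[2] != ""
}

func assigns(w string) bool { _, a := varName(w); return a }

// DetectEnvVarPoisoning returns one Finding per sensitive variable that cmd
// assigns, exports, declares or marks readonly in any of its simple commands.
func DetectEnvVarPoisoning(cmd string) []Finding {
	var out []Finding
	add := func(w, via string) {
		if n, _ := varName(w); sensitiveEnvVars[n] {
			out = append(out, Finding{n, via})
		}
	}
	for _, seg := range tokenize(cmd) {
		i := 0
		for ; i < len(seg) && assigns(seg[i]); i++ { // leading VAR=x words apply to this command
			add(seg[i], "prefix")
		}
		if i < len(seg) && exporters[seg[i]] {
			for _, w := range seg[i+1:] {
				if strings.HasPrefix(w, "-") { // builtin options such as -x, -r, -i
					continue
				} else if seg[i] == "env" && !assigns(w) { // the rest is the command env runs
					break
				}
				add(w, seg[i])
			}
		}
	}
	return out
}

func main() { // constructed input, not taken from the PR's tests
	fmt.Println(DetectEnvVarPoisoning(`cd repo && export "LD_PRE"LOAD=/tmp/x.so; go test ./...`))
}
```

Legitimate use such as `export PATH="$HOME/bin:$PATH"` or `export FOO=$LD_PRELOAD` produces no finding, because only the assigned name is matched, not the value. The tokenizer does not expand `$(...)`, backticks or eval, so `eval "export LD_PRELOAD=x"` is not caught; that is a limit of this example, not a statement about the project's rule.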
@cyyever cyyever merged commit e3f87ef into main Mar 20, 2026
16 checks passed
@cyyever cyyever deleted the security/env-var-poisoning branch March 20, 2026 13:29
cyyever added a commit that referenced this pull request Mar 24, 2026
…ax (#138)

- plugins.md: 14-step β†’ 17-step pipeline (steps added in #121, #130, #133)
- README.md: 35/32 β†’ 37/34 rules (34 YAML + 3 dynamic, 34 locked)
- mcp.md: crust wrap --upstream β†’ crust mcp http --upstream
- doc_consistency_test.go: update expected counts to match README