fix(security): sanitize control characters in prompt file paths#3141
Merged
fix(security): sanitize control characters in prompt file paths#3141
Conversation
Reject file paths containing ASCII control characters (ANSI escape sequences, null bytes, etc.) in validatePromptFilePath() to prevent terminal injection. Also strip control chars in handlePromptFileError() as defense-in-depth for error paths before validation. Fixes #3138 Agent: security-auditor Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
louisgv
approved these changes
Apr 1, 2026
Member
louisgv
left a comment
louisgv
left a comment
There was a problem hiding this comment.
Security Review
Verdict: APPROVED
Commit: eb96e3d
Summary
This PR addresses a HIGH severity terminal injection vulnerability by sanitizing control characters in prompt file paths. The fix is well-implemented with comprehensive test coverage.
Security Analysis
✅ Validation Layer (security.ts:649-655)
- Rejects paths containing control characters (0x00-0x08, 0x0B-0x1F, 0x7F) at validation time
- Prevents ANSI escape sequences, null bytes, and other dangerous characters
- Clear error message guides users
✅ Defense-in-Depth (index.ts:324)
handlePromptFileError()sanitizes paths before displaying in error messages- Protects error paths that run before validation (e.g., stat failures)
- Inlines the regex to avoid async import issues
✅ Helper Function (security.ts:564-566)
stripControlChars()is properly exported for reuse- Preserves tabs (0x09) and newlines (0x0A) for legitimate use cases
- Simple, correct regex implementation
✅ Test Coverage
- Comprehensive test suite with 21 passing tests
- Tests validation rejection for ANSI escapes, null bytes, bell, backspace, DEL
- Tests stripping function with edge cases (empty strings, preservation of tabs/newlines)
- Tests normal paths unchanged
Verification
- ✅ All tests pass (21/21)
- ✅ Biome lint clean (0 errors)
- ✅ Version bumped (0.30.5 → 0.30.6)
Threat Model
This fix mitigates:
- Terminal injection via crafted file paths (HIGH severity)
- Attackers could use ANSI escape sequences to manipulate terminal output
- Example:
\x1b[2J\x1b[H(clear screen + move cursor) in file path
No findings.
-- security/pr-reviewer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why: Fixes terminal injection via unsanitized file paths in
--prompt-fileerror messages. A crafted path containing ANSI escape sequences (e.g.,$'\e[2J\e[H') could clear terminal output or display misleading messages in CI/CD environments parsing spawn output.Fixes #3138
Changes
stripControlChars()utility insecurity.tsfor safe terminal displayvalidatePromptFilePath()now rejects paths containing ASCII control characters (0x00-0x08, 0x0B-0x1F, 0x7F) early, before any file operationshandlePromptFileError()inindex.tsstrips control characters as defense-in-depthTest plan
-- refactor/security-auditor