Fix path injection in shim generation, JSON escaping, and legacy tracker compat

SihaoLiu · SihaoLiu · commit d122c8259102 · 2026-03-28T17:17:22.000-07:00
- Escape runtime paths in bitlesson-selector shim using single-quoted
  strings to prevent command injection via paths containing shell
  metacharacters
- JSON-escape runtime_root before template substitution in
  install-codex-hooks.sh to prevent JSON corruption from paths
  containing quotes or backslashes
- Allow goal-tracker edits on legacy trackers that lack the
  IMMUTABLE SECTION header instead of blocking all writes
diff --git a/hooks/lib/loop-common.sh b/hooks/lib/loop-common.sh
@@ -888,7 +888,8 @@ goal_tracker_mutable_update_allowed() {
     current_immutable=$(extract_goal_tracker_immutable_from_file "$tracker_file" 2>/dev/null || true)
     updated_immutable=$(extract_goal_tracker_immutable_from_text "$updated_content" 2>/dev/null || true)
 
-    [[ -n "$current_immutable" ]] || return 1
+    # Legacy trackers without IMMUTABLE SECTION: allow edits unconditionally.
+    [[ -n "$current_immutable" ]] || return 0
     [[ "$current_immutable" == "$updated_immutable" ]]
 }
 
diff --git a/scripts/install-codex-hooks.sh b/scripts/install-codex-hooks.sh
@@ -102,7 +102,10 @@ template_file = pathlib.Path(sys.argv[2])
 runtime_root = sys.argv[3]
 
 template_text = template_file.read_text(encoding="utf-8")
-template_text = template_text.replace("{{HUMANIZE_RUNTIME_ROOT}}", runtime_root)
+# JSON-escape the runtime root so metacharacters (quotes, backslashes) do not
+# corrupt the template before json.loads parses it.
+escaped_root = json.dumps(runtime_root)[1:-1]  # strip outer quotes from dumps output
+template_text = template_text.replace("{{HUMANIZE_RUNTIME_ROOT}}", escaped_root)
 template = json.loads(template_text)
 
 existing = {}
diff --git a/scripts/install-skill.sh b/scripts/install-skill.sh
@@ -343,18 +343,23 @@ install_bitlesson_selector_shim() {
 
     mkdir -p "$COMMAND_BIN_DIR"
 
-    cat > "$shim_path" <<EOF
+    # Escape paths for safe embedding in the generated script.
+    # Use single-quoted strings so shell metacharacters in paths are inert.
+    _escaped_primary=$(printf '%s' "$primary_runtime_root" | sed "s/'/'\\\\''/g")
+
+    cat > "$shim_path" <<SHIM_EOF
 #!/usr/bin/env bash
 set -euo pipefail
 
 candidate_paths=(
-  "$primary_runtime_root/scripts/bitlesson-select.sh"
-EOF
+  '${_escaped_primary}/scripts/bitlesson-select.sh'
+SHIM_EOF
 
     if [[ -n "$secondary_runtime_root" ]]; then
-        cat >> "$shim_path" <<EOF
-  "$secondary_runtime_root/scripts/bitlesson-select.sh"
-EOF
+        _escaped_secondary=$(printf '%s' "$secondary_runtime_root" | sed "s/'/'\\\\''/g")
+        cat >> "$shim_path" <<SHIM_EOF
+  '${_escaped_secondary}/scripts/bitlesson-select.sh'
+SHIM_EOF
     fi
 
     cat >> "$shim_path" <<'EOF'

Original file line number	Diff line number	Diff line change
`@@ -888,7 +888,8 @@ goal_tracker_mutable_update_allowed() {`
`888`	`888`	`current_immutable=$(extract_goal_tracker_immutable_from_file "$tracker_file" 2>/dev/null \|\| true)`
`889`	`889`	`updated_immutable=$(extract_goal_tracker_immutable_from_text "$updated_content" 2>/dev/null \|\| true)`
`890`	`890`
`891`		`- [[ -n "$current_immutable" ]] \|\| return 1`
	`891`	`+ # Legacy trackers without IMMUTABLE SECTION: allow edits unconditionally.`
	`892`	`+ [[ -n "$current_immutable" ]] \|\| return 0`
`892`	`893`	`[[ "$current_immutable" == "$updated_immutable" ]]`
`893`	`894`	`}`
`894`	`895`