Description
The filterToDefinedArgumentsOnly function in the executor is intended to discard any arguments not explicitly defined in the action's configuration. However, a special case allows any argument whose name starts with ot_ to bypass this filter. While two system arguments (ot_executionTrackingId and ot_username) are injected by OliveTin and overridden, all other ot_-prefixed arguments supplied by the user pass through unmodified.
These bypassed arguments are:
- Not type-checked — the validation loop only iterates over the action's defined arguments, so
ot_-prefixed arguments skip all type safety checks entirely.
- Set as environment variables — via
buildEnv(), with completely unvalidated values, and passed to the executed command.
- Included in the template context — available as
.Arguments.ot_* in template rendering.
Affected Code
Filter bypass — service/internal/executor/executor.go (lines 728–731):
func keepArgument(name string, definedNames map[string]struct{}) bool {
_, ok := definedNames[name]
return ok || strings.HasPrefix(name, "ot_")
}System args only override two keys — service/internal/executor/executor.go (lines 742–745):
func injectSystemArgs(req *ExecutionRequest) {
req.Arguments["ot_executionTrackingId"] = req.TrackingID
req.Arguments["ot_username"] = req.AuthenticatedUser.Username
}Any other ot_-prefixed argument (e.g., ot_malicious) survives both functions.
Unvalidated values become environment variables — service/internal/executor/executor.go (lines 867–882):
func buildEnv(args map[string]string) []string {
ret := append(os.Environ(), "OLIVETIN=1")
for k, v := range args {
varName := fmt.Sprintf("%v", strings.TrimSpace(strings.ToUpper(k)))
if varName == "" { continue }
ret = append(ret, fmt.Sprintf("%v=%v", varName, v))
}
return ret
}The value v is never validated. It can contain newlines, shell metacharacters, null bytes, or any arbitrary data.
Proof of Concept
An attacker sends a StartAction request with extra ot_-prefixed arguments:
{
"bindingId": "<any-action-id>",
"arguments": [
{ "name": "ot_custom_var", "value": "arbitrary unvalidated content \n with newlines" },
{ "name": "ot_another", "value": "$(whoami)" }
]
}These arguments:
- Pass through
filterToDefinedArgumentsOnly (the ot_ prefix exempts them).
- Are never type-checked (not in the action's argument definitions).
- Become environment variables
OT_CUSTOM_VAR and OT_ANOTHER in the executed command's environment.
- Are available in the template rendering context as
.Arguments.ot_custom_var and .Arguments.ot_another.
Impact
- Environment variable pollution — attacker can set arbitrary environment variables (with
OT_ uppercased prefix) in the execution environment of any action they can trigger. Scripts or programs that read custom environment variables could be influenced.
- Potential for secondary exploitation — if any executed script or command reads
OT_-prefixed environment variables, the unvalidated content could cause unexpected behavior.
- Template context pollution — although Go's
text/template does not recursively evaluate data values (mitigating direct template injection), the extra arguments are accessible in the template context and could interact unexpectedly with custom template logic.
Suggested Fix
Remove the ot_ prefix exception from keepArgument, or restrict it to only the two known system arguments:
var systemArgs = map[string]struct{}{
"ot_executionTrackingId": {},
"ot_username": {},
}
func keepArgument(name string, definedNames map[string]struct{}) bool {
_, isDefined := definedNames[name]
_, isSystem := systemArgs[name]
return isDefined || isSystem
}
Discovery Methodology
Both vulnerabilities were identified through manual source code review of the OliveTin repository, focusing on:
- Input validation boundaries (API request fields flowing into file system operations and execution contexts)
- Argument filtering and type-checking logic in the executor
- File path construction in the log persistence feature
No automated scanners or fuzzing tools were used. The review was conducted against the current main branch source code.
References
iconnnjka Reporter
Description
The
filterToDefinedArgumentsOnlyfunction in the executor is intended to discard any arguments not explicitly defined in the action's configuration. However, a special case allows any argument whose name starts withot_to bypass this filter. While two system arguments (ot_executionTrackingIdandot_username) are injected by OliveTin and overridden, all otherot_-prefixed arguments supplied by the user pass through unmodified.These bypassed arguments are:
ot_-prefixed arguments skip all type safety checks entirely.buildEnv(), with completely unvalidated values, and passed to the executed command..Arguments.ot_*in template rendering.Affected Code
Filter bypass —
service/internal/executor/executor.go(lines 728–731):System args only override two keys —
service/internal/executor/executor.go(lines 742–745):Any other
ot_-prefixed argument (e.g.,ot_malicious) survives both functions.Unvalidated values become environment variables —
service/internal/executor/executor.go(lines 867–882):The value
vis never validated. It can contain newlines, shell metacharacters, null bytes, or any arbitrary data.Proof of Concept
An attacker sends a
StartActionrequest with extraot_-prefixed arguments:{ "bindingId": "<any-action-id>", "arguments": [ { "name": "ot_custom_var", "value": "arbitrary unvalidated content \n with newlines" }, { "name": "ot_another", "value": "$(whoami)" } ] }These arguments:
filterToDefinedArgumentsOnly(theot_prefix exempts them).OT_CUSTOM_VARandOT_ANOTHERin the executed command's environment..Arguments.ot_custom_varand.Arguments.ot_another.Impact
OT_uppercased prefix) in the execution environment of any action they can trigger. Scripts or programs that read custom environment variables could be influenced.OT_-prefixed environment variables, the unvalidated content could cause unexpected behavior.text/templatedoes not recursively evaluate data values (mitigating direct template injection), the extra arguments are accessible in the template context and could interact unexpectedly with custom template logic.Suggested Fix
Remove the
ot_prefix exception fromkeepArgument, or restrict it to only the two known system arguments:Discovery Methodology
Both vulnerabilities were identified through manual source code review of the OliveTin repository, focusing on:
No automated scanners or fuzzing tools were used. The review was conducted against the current
mainbranch source code.References