Skip to content

fix(security): prevent shell injection in ADB operator#1883

Open
JasonOA888 wants to merge 1 commit into
bytedance:mainfrom
JasonOA888:fix/adb-shell-injection
Open

fix(security): prevent shell injection in ADB operator#1883
JasonOA888 wants to merge 1 commit into
bytedance:mainfrom
JasonOA888:fix/adb-shell-injection

Conversation

@JasonOA888

@JasonOA888 JasonOA888 commented May 9, 2026

Copy link
Copy Markdown

Security Vulnerability: Shell Injection in ADB Operator

Problem

The ADB operator (multimodal/gui-agent/operator-adb/src/AdbOperator.ts) contains multiple shell injection vulnerabilities:

  1. exec() with string commandgetConnectedDevices() uses exec('adb devices') with Node.js exec(), which spawns a shell. While this specific call has no user input, it sets an unsafe pattern.

  2. handleType() text injection (Critical) — User-controlled text content is directly interpolated into a shell command:

    await this.executeWithYadb(`-keyboard "${text}"`);

    An attacker controlling the agent's type action could inject arbitrary commands by crafting text like: foo"; rm -rf /; echo "

  3. handleClick() / handleSwipe() coordinate injection — While coordinates are typed as number, no validation ensures they are actually finite numbers. A value like NaN or Infinity could produce unexpected shell behavior.

  4. executeWithYadb() raw string subCommands — The method accepts raw string arguments that are directly concatenated into shell commands without escaping.

Impact

  • P0 / Critical: The handleType() path allows arbitrary command execution on the Android device through shell injection when processing non-ASCII text input (Chinese characters, etc.).
  • P1: Lack of input validation in coordinate/duration parameters could lead to unexpected behavior.

Fix

  1. Replace exec() with execFile() — Uses argument arrays instead of shell string commands for the adb devices call.

  2. Add shellEscape() utility — Properly escapes strings for safe inclusion in shell commands by wrapping in single quotes and escaping existing single quotes.

  3. Refactor executeWithYadb() to accept string[] — Arguments are now passed as an array and each is individually shell-escaped before being joined into the command string.

  4. Add Number.isFinite() validation — All numeric parameters (coordinates, duration) are validated before being interpolated into commands.

  5. Use Math.round() for numeric values — Ensures clean integer output in generated shell commands.

Files Changed

  • multimodal/gui-agent/operator-adb/src/AdbOperator.ts

Testing

  • Verified shell escaping handles special characters correctly (quotes, backticks, dollar signs, semicolons)
  • Verified Number.isFinite() rejects NaN, Infinity, and non-numeric values
  • Backward compatible: all existing functionality preserved with added safety

@JasonOA888
fix(security): prevent shell injection in ADB operator
bdd097d 
The ADB operator was vulnerable to shell injection through multiple
attack vectors:

1. exec() with string concatenation: 'adb devices' used exec() instead
   of execFile(), setting an unsafe pattern.
2. handleType(): User-controlled text was interpolated directly into
   shell commands: `-keyboard "${text}"` - an attacker could
   inject arbitrary shell commands via crafted text content.
3. handleClick()/handleSwipe(): While coordinates are typed as numbers,
   no validation ensured they were actually finite numbers.
4. executeWithYadb(): Accepted raw string subCommands that were directly
   concatenated into shell commands.

Fix:
- Replace exec() with execFile() using argument arrays
- Add shellEscape() utility for proper single-quote escaping
- Change executeWithYadb() to accept string arrays with proper escaping
- Add Number.isFinite() validation for all numeric parameters
- Use Math.round() to ensure clean integer output in shell commands
@netlify

netlify Bot commented May 9, 2026
edited
Loading

Copy link
Copy Markdown

Deploy Preview for tarko ready!

Name Link
🔨 Latest commit bdd097d
🔍 Latest deploy log https://app.netlify.com/projects/tarko/deploys/69ff66e1565c0d0008507fdf
😎 Deploy Preview https://deploy-preview-1883--tarko.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify

netlify Bot commented May 9, 2026
edited
Loading

Copy link
Copy Markdown

Deploy Preview for agent-tars-docs ready!

Name Link
🔨 Latest commit bdd097d
🔍 Latest deploy log https://app.netlify.com/projects/agent-tars-docs/deploys/69ff66e16dac870008e4c7e8
😎 Deploy Preview https://deploy-preview-1883--agent-tars-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@JasonOA888