Fix shell injection vulnerability and address PR feedback

devin-ai-integration[bot] · fumiya-kume · devin-ai-integration[bot] · commit 743e18a8cd1d · 2025-07-11T14:35:32.000Z
- Replace string concatenation with exec.CommandContext using separate arguments in all DefaultsCommand methods (Read, ReadType, Write, WriteWithType)
- This prevents shell injection by passing values as distinct arguments instead of embedding them in command strings
- Update push_type_test.go to handle new error message format from direct exec calls
- Remove todo.txt file as suggested in PR feedback

Security improvements:
- All command execution now uses exec.CommandContext(ctx, command, arg1, arg2, ...)
- Values are no longer interpolated into shell command strings
- Eliminates risk of shell injection from special characters in domain, key, or value parameters

Co-Authored-By: k \u201C\u713C\u914E\u304A\u6E6F\u5272\u308A250ml 30%\u5F15\u304D\u201D &lt;fumiya.kume@hotmail.com&gt;
diff --git a/internal/defaults/defaults_command.go b/internal/defaults/defaults_command.go
@@ -44,8 +44,7 @@ func (d *DefaultsCommandImpl) Read(ctx context.Context) (string, error) {
 	if d.domain == "" || d.key == "" {
 		return "", fmt.Errorf("domain and key cannot be empty")
 	}
-	command := fmt.Sprintf("defaults read %s %s", d.domain, d.key)
-	output, err := exec.CommandContext(ctx, "bash", "-c", command).Output()
+	output, err := exec.CommandContext(ctx, "defaults", "read", d.domain, d.key).Output()
 	if err != nil {
 		return "", err
 	}
@@ -57,8 +56,7 @@ func (d *DefaultsCommandImpl) ReadType(ctx context.Context) (string, error) {
 	if d.domain == "" || d.key == "" {
 		return "", fmt.Errorf("domain and key cannot be empty")
 	}
-	command := fmt.Sprintf("defaults read-type %s %s", d.domain, d.key)
-	output, err := exec.CommandContext(ctx, "bash", "-c", command).Output()
+	output, err := exec.CommandContext(ctx, "defaults", "read-type", d.domain, d.key).Output()
 	if err != nil {
 		return "string", nil
 	}
@@ -77,8 +75,7 @@ func (d *DefaultsCommandImpl) Write(ctx context.Context, value string) error {
 	if d.domain == "" || d.key == "" {
 		return fmt.Errorf("domain and key cannot be empty")
 	}
-	command := fmt.Sprintf("defaults write %s %s %s", d.domain, d.key, value)
-	_, err := exec.CommandContext(ctx, "bash", "-c", command).Output()
+	_, err := exec.CommandContext(ctx, "defaults", "write", d.domain, d.key, value).Output()
 	if err != nil {
 		return err
 	}
@@ -91,14 +88,14 @@ func (d *DefaultsCommandImpl) WriteWithType(ctx context.Context, value string, v
 	}
 	
 	typeFlag := mapInternalTypeToFlag(valueType)
-	var command string
+	var args []string
 	if typeFlag == "" || valueType == "string" {
-		command = fmt.Sprintf("defaults write %s %s %s", d.domain, d.key, value)
+		args = []string{"defaults", "write", d.domain, d.key, value}
 	} else {
-		command = fmt.Sprintf("defaults write %s %s %s %s", d.domain, d.key, typeFlag, value)
+		args = []string{"defaults", "write", d.domain, d.key, typeFlag, value}
 	}
 	
-	_, err := exec.CommandContext(ctx, "bash", "-c", command).Output()
+	_, err := exec.CommandContext(ctx, args[0], args[1:]...).Output()
 	if err != nil {
 		return err
 	}
diff --git a/internal/operation/push/push_type_test.go b/internal/operation/push/push_type_test.go
@@ -25,7 +25,7 @@ func TestPushWithTypes(t *testing.T) {
 	Push(configs)
 
 	logStr := logOutput.String()
-	if strings.Contains(logStr, "Failed to write") && !strings.Contains(logStr, "exit status 127") {
+	if strings.Contains(logStr, "Failed to write") && !strings.Contains(logStr, "exit status 127") && !strings.Contains(logStr, "executable file not found") {
 		t.Errorf("Unexpected error in log output: %s", logStr)
 	}
 }
@@ -43,7 +43,7 @@ func TestPushWithStringType(t *testing.T) {
 	Push(configs)
 
 	logStr := logOutput.String()
-	if strings.Contains(logStr, "Failed to write") && !strings.Contains(logStr, "exit status 127") {
+	if strings.Contains(logStr, "Failed to write") && !strings.Contains(logStr, "exit status 127") && !strings.Contains(logStr, "executable file not found") {
 		t.Errorf("Unexpected error in log output: %s", logStr)
 	}
 }
@@ -61,7 +61,7 @@ func TestPushWithEmptyType(t *testing.T) {
 	Push(configs)
 
 	logStr := logOutput.String()
-	if strings.Contains(logStr, "Failed to write") && !strings.Contains(logStr, "exit status 127") {
+	if strings.Contains(logStr, "Failed to write") && !strings.Contains(logStr, "exit status 127") && !strings.Contains(logStr, "executable file not found") {
 		t.Errorf("Unexpected error in log output: %s", logStr)
 	}
 }
diff --git a/todo.txt b/todo.txt

Original file line number	Diff line number	Diff line change
`@@ -44,8 +44,7 @@ func (d *DefaultsCommandImpl) Read(ctx context.Context) (string, error) {`
`44`	`44`	`if d.domain == "" \|\| d.key == "" {`
`45`	`45`	`return "", fmt.Errorf("domain and key cannot be empty")`
`46`	`46`	`}`
`47`		`- command := fmt.Sprintf("defaults read %s %s", d.domain, d.key)`
`48`		`- output, err := exec.CommandContext(ctx, "bash", "-c", command).Output()`
	`47`	`+ output, err := exec.CommandContext(ctx, "defaults", "read", d.domain, d.key).Output()`
`49`	`48`	`if err != nil {`
`50`	`49`	`return "", err`
`51`	`50`	`}`
`@@ -57,8 +56,7 @@ func (d *DefaultsCommandImpl) ReadType(ctx context.Context) (string, error) {`
`57`	`56`	`if d.domain == "" \|\| d.key == "" {`
`58`	`57`	`return "", fmt.Errorf("domain and key cannot be empty")`
`59`	`58`	`}`
`60`		`- command := fmt.Sprintf("defaults read-type %s %s", d.domain, d.key)`
`61`		`- output, err := exec.CommandContext(ctx, "bash", "-c", command).Output()`
	`59`	`+ output, err := exec.CommandContext(ctx, "defaults", "read-type", d.domain, d.key).Output()`
`62`	`60`	`if err != nil {`
`63`	`61`	`return "string", nil`
`64`	`62`	`}`
`@@ -77,8 +75,7 @@ func (d *DefaultsCommandImpl) Write(ctx context.Context, value string) error {`
`77`	`75`	`if d.domain == "" \|\| d.key == "" {`
`78`	`76`	`return fmt.Errorf("domain and key cannot be empty")`
`79`	`77`	`}`
`80`		`- command := fmt.Sprintf("defaults write %s %s %s", d.domain, d.key, value)`
`81`		`- _, err := exec.CommandContext(ctx, "bash", "-c", command).Output()`
	`78`	`+ _, err := exec.CommandContext(ctx, "defaults", "write", d.domain, d.key, value).Output()`
`82`	`79`	`if err != nil {`
`83`	`80`	`return err`
`84`	`81`	`}`
`@@ -91,14 +88,14 @@ func (d *DefaultsCommandImpl) WriteWithType(ctx context.Context, value string, v`
`91`	`88`	`}`
`92`	`89`
`93`	`90`	`typeFlag := mapInternalTypeToFlag(valueType)`
`94`		`- var command string`
	`91`	`+ var args []string`
`95`	`92`	`if typeFlag == "" \|\| valueType == "string" {`
`96`		`- command = fmt.Sprintf("defaults write %s %s %s", d.domain, d.key, value)`
	`93`	`+ args = []string{"defaults", "write", d.domain, d.key, value}`
`97`	`94`	`} else {`
`98`		`- command = fmt.Sprintf("defaults write %s %s %s %s", d.domain, d.key, typeFlag, value)`
	`95`	`+ args = []string{"defaults", "write", d.domain, d.key, typeFlag, value}`
`99`	`96`	`}`
`100`	`97`
`101`		`- _, err := exec.CommandContext(ctx, "bash", "-c", command).Output()`
	`98`	`+ _, err := exec.CommandContext(ctx, args[0], args[1:]...).Output()`
`102`	`99`	`if err != nil {`
`103`	`100`	`return err`
`104`	`101`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ func TestPushWithTypes(t *testing.T) {`
`25`	`25`	`Push(configs)`
`26`	`26`
`27`	`27`	`logStr := logOutput.String()`
`28`		`- if strings.Contains(logStr, "Failed to write") && !strings.Contains(logStr, "exit status 127") {`
	`28`	`+ if strings.Contains(logStr, "Failed to write") && !strings.Contains(logStr, "exit status 127") && !strings.Contains(logStr, "executable file not found") {`
`29`	`29`	`t.Errorf("Unexpected error in log output: %s", logStr)`
`30`	`30`	`}`
`31`	`31`	`}`
`@@ -43,7 +43,7 @@ func TestPushWithStringType(t *testing.T) {`
`43`	`43`	`Push(configs)`
`44`	`44`
`45`	`45`	`logStr := logOutput.String()`
`46`		`- if strings.Contains(logStr, "Failed to write") && !strings.Contains(logStr, "exit status 127") {`
	`46`	`+ if strings.Contains(logStr, "Failed to write") && !strings.Contains(logStr, "exit status 127") && !strings.Contains(logStr, "executable file not found") {`
`47`	`47`	`t.Errorf("Unexpected error in log output: %s", logStr)`
`48`	`48`	`}`
`49`	`49`	`}`
`@@ -61,7 +61,7 @@ func TestPushWithEmptyType(t *testing.T) {`
`61`	`61`	`Push(configs)`
`62`	`62`
`63`	`63`	`logStr := logOutput.String()`
`64`		`- if strings.Contains(logStr, "Failed to write") && !strings.Contains(logStr, "exit status 127") {`
	`64`	`+ if strings.Contains(logStr, "Failed to write") && !strings.Contains(logStr, "exit status 127") && !strings.Contains(logStr, "executable file not found") {`
`65`	`65`	`t.Errorf("Unexpected error in log output: %s", logStr)`
`66`	`66`	`}`
`67`	`67`	`}`