XML Injection via SC1_CFG in config.sh Causes Malformed Mission XML and Configuration DoS #841

@yanghuiyao779-blip

Description

Define the problem

scripts/cfg/config.sh inserts the user-controlled SC1_CFG value directly into the `<sc-1-cfg>` element of the mission XML via sed substitution,
without XML escaping.
If SC1_CFG includes XML metacharacters (for example `<` or `&`), the generated mission XML becomes
malformed and configure.py fails to parse it.

Relevant code:

  • config.sh, line 21
  • config.sh, line 32
  • configure.py, line 21
  • Makefile, line 142

Capture the setup

  • Branch: main
  • Git hash: 4428de5
  • Configuration changes:
  1. Created test file: cfg/spacecraft/sc-mission-config.xml<&evil>.xml
  2. Ran scripts/cfg/config.sh with SC1_CFG='spacecraft/sc-mission-config.xml<&evil>.xml'
  3. No persistent source/config changes were required

Steps to recreate

  1. Create a file with XML metacharacters in the filename:

```sh
printf '%s\n' '' > 'cfg/spacecraft/sc-mission-config.xml<&evil>.xml'
```

  2. Execute the config workflow with the override:

```sh
SC1_CFG='spacecraft/sc-mission-config.xml<&evil>.xml' bash scripts/cfg/config.sh
```

  3. Inspect the generated mission file and the parse result:

```sh
python3 - <<'PY'
from pathlib import Path
import xml.etree.ElementTree as ET

# Path of the mission XML that config.sh just generated
p = Path('cfg/build/current_config_path.txt').read_text().strip()
print('generated=', p)

# Show the <sc-1-cfg> line that received the unescaped SC1_CFG value
xml = Path(p).read_text(encoding='utf-8', errors='ignore')
for line in xml.splitlines():
    if '<sc-1-cfg>' in line:
        print('line=', line)
        break

# Parse the file the same way configure.py would
try:
    ET.parse(p)
    print('parse=OK')
except Exception as e:
    print('parse=FAIL', type(e).__name__, str(e))
PY
```

Logs or screenshots

Observed output:

  - Overriding <sc-1-cfg> with: spacecraft/sc-mission-config.xml<&evil>.xml
  - Corrupted <sc-1-cfg> line in generated XML
  - parse=FAIL ParseError not well-formed (invalid token)

Impact

This is a reliably triggerable denial of service in the configuration pipeline (the make config path). It
breaks mission config generation and can block automated build/startup workflows where SC1_CFG is
externally controlled.

OS

No response
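The defect described above (raw text substitution into `<sc-1-cfg>` with no escaping) next to two mitigations, as an added example that is not part of this issue or the project's code: the template, the `PLACEHOLDER` token and the allowlist pattern are assumptions, not the real config.sh layout.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed stand-in for the mission XML template that config.sh fills in (assumption).
TEMPLATE = "<mission>\n  <sc-1-cfg>PLACEHOLDER</sc-1-cfg>\n</mission>\n"

# Constructed value mirroring the filename used in the report.
BAD_SC1_CFG = "spacecraft/sc-mission-config.xml<&evil>.xml"


def substitute_raw(template: str, value: str) -> str:
    """Mimics the reported sed-style substitution: the value lands in the XML verbatim."""
    return template.replace("PLACEHOLDER", value)


def substitute_escaped(template: str, value: str) -> str:
    """Mitigation 1: escape XML metacharacters (& < > and quotes) before substituting."""
    safe = escape(value, {'"': "&quot;", "'": "&apos;"})
    return template.replace("PLACEHOLDER", safe)


# Mitigation 2: allowlist the value before it ever reaches the template. A config path
# needs only these characters (assumption about the project's naming conventions).
_ALLOWED_CFG_PATH = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]*$")


def is_allowed_cfg_path(value: str) -> bool:
    """Reject XML metacharacters, leading dashes/dots and parent-directory segments."""
    if not _ALLOWED_CFG_PATH.match(value):
        return False
    return ".." not in value.split("/")


def parses(xml_text: str) -> bool:
    """True if the generated document is well-formed, i.e. configure.py could load it."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


def sc1_cfg_value(xml_text: str) -> str:
    """Read back the <sc-1-cfg> text as a parser would see it (entities decoded)."""
    return ET.fromstring(xml_text).findtext("sc-1-cfg")


if __name__ == "__main__":
    print("raw parses:", parses(substitute_raw(TEMPLATE, BAD_SC1_CFG)))          # False
    print("escaped parses:", parses(substitute_escaped(TEMPLATE, BAD_SC1_CFG)))  # True
    print("allowlisted:", is_allowed_cfg_path(BAD_SC1_CFG))                      # False
```

Escaping keeps the pipeline from breaking on any input, while the allowlist fails fast with a clear error before a malformed file is ever written; the two are complementary.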
