Skip to content

Security: Command Injection via Unsanitized Input in GitHub Scripts#4299

Open
tomaioo wants to merge 1 commit into
pytorch:mainfrom
tomaioo:fix/security/command-injection-via-unsanitized-input-
Open

Security: Command Injection via Unsanitized Input in GitHub Scripts#4299
tomaioo wants to merge 1 commit into
pytorch:mainfrom
tomaioo:fix/security/command-injection-via-unsanitized-input-

Conversation

@tomaioo
Copy link
Copy Markdown

@tomaioo tomaioo commented May 27, 2026

Summary

Security: Command Injection via Unsanitized Input in GitHub Scripts

Problem

Severity: Medium | File: .github/scripts/run_cpp_linter.py:L1

The run_cpp_linter.py and run_py_linter.py scripts construct shell commands using unsanitized environment variables and file paths. While the direct command injection surface is limited, the scripts read from /GITHUB_EVENT.json and pass repository data into subprocess calls. More critically, both scripts use subprocess.run with shell=False which mitigates direct injection, but they construct format strings with external data for PR comments. The run_cpp_linter.py script formats linter output directly into a PR comment without sanitization, which could lead to injection of markdown or control characters.

Solution

Sanitize all external inputs before using them in subprocess calls or format strings. Use shlex.quote() for shell arguments, and validate/escape output before including in PR comments. Consider using GitHub's official github-script action instead of custom Python scripts for PR interactions.

Changes

  • .github/scripts/run_cpp_linter.py (modified)

@tomaioo
fix(security): command injection via unsanitized input in github
e96a55f 
The `run_cpp_linter.py` and `run_py_linter.py` scripts construct shell commands using unsanitized environment variables and file paths. While the direct command injection surface is limited, the scripts read from `/GITHUB_EVENT.json` and pass repository data into subprocess calls. More critically, both scripts use `subprocess.run` with shell=False which mitigates direct injection, but they construct format strings with external data for PR comments. The `run_cpp_linter.py` script formats linter output directly into a PR comment without sanitization, which could lead to injection of markdown or control characters.

Signed-off-by: tomaioo <203048277+tomaioo@users.noreply.github.com>
@meta-cla
Copy link
Copy Markdown

meta-cla Bot commented May 27, 2026

Hi @tomaioo!

Thank you for your pull request and welcome to our community.

Action Required

In order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you.

Process

In order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA.

Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with CLA signed. The tagging process may take up to 1 hour after signing. Please give it that time before contacting us about it.

If you have received this in error or have any questions, please contact us at cla@meta.com. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tomaioo