Skip to content

fix: harden shell utilities and temporary file handling#5

Open
vibhu-dixit wants to merge 1 commit into
cleanmcp:mainfrom
vibhu-dixit:fix/Remove-Unsafe-Shell-Patterns-and-Temporary-File-Usage
Open

fix: harden shell utilities and temporary file handling#5
vibhu-dixit wants to merge 1 commit into
cleanmcp:mainfrom
vibhu-dixit:fix/Remove-Unsafe-Shell-Patterns-and-Temporary-File-Usage

Conversation

@vibhu-dixit

@vibhu-dixit vibhu-dixit commented Jul 8, 2026

Copy link
Copy Markdown

Summary

This PR improves the security and robustness of Tess's shell utilities by addressing three issues( Closes #4 ):

  • Replace unsafe eval-based environment variable restoration with safe export assignments.
  • Quote voice input before passing it to the Python handler to preserve user input and prevent shell expansion.
  • Replace deprecated tempfile.mktemp() usage with secure temporary file creation.

These changes do not alter any user-facing behavior but make the implementation safer and more reliable.


Changes

1. Remove eval from environment restoration

Files

  • bin/tess
  • bin/worktree.sh
  • bin/wt

Previously, TESS_* environment variables were restored using eval, which could mis-handle values containing spaces or shell metacharacters and introduced unnecessary shell evaluation.

The restoration now uses safe export assignments instead.


2. Quote voice input

File

  • bin/tess

Voice input is now passed to _tess-ask.py as a quoted argument.

This prevents shell word splitting and pathname expansion, ensuring dictated text reaches the Python process exactly as spoken.


3. Replace insecure temporary file creation

Files

  • bin/_tess-chat.py
  • bin/_tess-music.py

Replaced tempfile.mktemp() with secure temporary file APIs (mkstemp`) to eliminate potential race conditions during temporary file creation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Security Hardening: Remove Unsafe Shell Patterns and Temporary File Usage

1 participant