Skip to content

fix(core): block $VAR and ${VAR} variable expansion bypass (GHSA-wpqr-6v78-jr5g)#28403

Open
thalha-a9 wants to merge 7 commits into
google-gemini:mainfrom
thalha-a9:fix/variable-expansion-bypass
Open

fix(core): block $VAR and ${VAR} variable expansion bypass (GHSA-wpqr-6v78-jr5g)#28403
thalha-a9 wants to merge 7 commits into
google-gemini:mainfrom
thalha-a9:fix/variable-expansion-bypass

Conversation

@thalha-a9

@thalha-a9 thalha-a9 commented Jul 15, 2026

Copy link
Copy Markdown

Summary

  • Fixes an incomplete check in detectBashSubstitution() and detectPowerShellSubstitution() that allowed variable expansion patterns to bypass the security gate added for GHSA-wpqr-6v78-jr5g
  • Defense-in-depth hardening of gemini-automated-issue-dedup.yml workflow

Fixes #28418

Changes

File What
packages/core/src/utils/shell-utils.ts Block ${VAR} and $VAR in both bash and PowerShell detection, with allowlist for safe automatic variables
packages/core/src/utils/shell-utils.test.ts 120 test cases — dual-platform coverage, safe variable allowlist, edge cases
.github/workflows/gemini-automated-issue-dedup.yml author_association guard + clear GITHUB_TOKEN in sandboxed env

Test plan

  • 120 tests passing (vitest)
  • Pre-commit hooks pass (prettier, eslint)
  • All CI checks green
  • Gemini Code Assist review: "I have no feedback to provide"
  • Single call site (shell.ts:468) verified — no unintended side effects

…titution

The existing detectBashSubstitution() only blocked $() command
substitution and backticks, but allowed $VAR and ${VAR} variable
expansion to pass through undetected. This is a bypass of the
fix for GHSA-wpqr-6v78-jr5g.

An attacker-controlled prompt could instruct the model to run
commands like: echo $GITHUB_TOKEN, echo ${GEMINI_API_KEY}, or
write env vars to GITHUB_ENV — exfiltrating secrets from CI
environments without triggering any security gate.

Changes:
- shell-utils.ts: Extend the $ character check in
  detectBashSubstitution() to also block ${...} (brace
  expansion) and $IDENTIFIER (bare variable names starting
  with [a-zA-Z_]). Harmless special variables ($?, $$,
  $0-$9) remain unblocked.
- shell-utils.test.ts: Add 19 test cases covering blocked
  variable expansion, existing command substitution, safe
  commands, and edge cases (escaped \$, trailing $,
  single-quoted $VAR).
- gemini-automated-issue-dedup.yml: Defense-in-depth
  hardening — add author_association guard on issues:opened
  trigger and clear GITHUB_TOKEN in the Gemini CLI
  environment to prevent token access from within the
  sandboxed execution.
@thalha-a9
thalha-a9 requested review from a team as code owners July 15, 2026 02:11
@gemini-code-assist

Copy link
Copy Markdown
Contributor

Summary of Changes

Hello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a security vulnerability (GHSA-wpqr-6v78-jr5g) where the existing shell command validation was insufficient. By only blocking command substitution like $(), it left the system exposed to variable expansion attacks. The changes extend the detection logic to identify and block $VAR and ${VAR} patterns, ensuring that sensitive environment variables cannot be easily exfiltrated through command execution.

Highlights

  • Security Hardening: Updated detectBashSubstitution to block $VAR and ${VAR} variable expansion, preventing potential secret exfiltration via malicious shell commands.
  • Expanded Test Coverage: Added 19 new test cases to shell-utils.test.ts covering various variable expansion scenarios, edge cases, and safe command patterns.
Ignored Files
  • Ignored by pattern: .github/workflows/** (1)
    • .github/workflows/gemini-automated-issue-dedup.yml
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize the Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counterproductive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@github-actions github-actions Bot added the size/m A medium sized PR label Jul 15, 2026
@github-actions

github-actions Bot commented Jul 15, 2026

Copy link
Copy Markdown

📊 PR Size: size/L

  • Lines changed: 251
  • Additions: +245
  • Deletions: -6
  • Files changed: 3

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request updates detectBashSubstitution in shell-utils.ts to block variable expansion ($VAR and ${VAR}) and command substitution, and adds corresponding unit tests. The review feedback correctly identifies a critical security gap where detectPowerShellSubstitution (used on Windows) was not updated, leaving Windows environments vulnerable to variable expansion attacks. Additionally, the reviewer suggests expanding the test suite to run these variable expansion checks against both linux and win32 platforms to ensure comprehensive coverage.

Comment thread packages/core/src/utils/shell-utils.ts
Comment thread packages/core/src/utils/shell-utils.test.ts Outdated
@gemini-cli gemini-cli Bot added the status/need-issue Pull requests that need to have an associated issue. label Jul 15, 2026
…form test coverage

detectPowerShellSubstitution() was missed in the original fix, leaving
Windows environments exploitable via $env:VAR and ${env:VAR} syntax.
Also restructures variable-expansion tests to run against both bash
and PowerShell platforms, since the prior tests only exercised the
bash path due to a global platform stub — which is why this gap
wasn't caught initially.

- shell-utils.ts: extend detectPowerShellSubstitution() to block
  ${...} and $IDENTIFIER, mirroring the bash fix
- shell-utils.test.ts: dual-platform assertions for shared cases,
  new PowerShell-specific $env:/${env:} test cases, vi.stubEnv/
  unstubAllEnvs for ComSpec isolation (matches existing file
  convention)
@thalha-a9

Copy link
Copy Markdown
Author

/gemini review

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request enhances shell utility functions to detect and block command substitutions and variable expansions in both Bash and PowerShell environments, accompanied by comprehensive unit tests. The review feedback correctly identifies that overly restrictive blocking of variables starting with letters or underscores will cause false positives by blocking harmless automatic variables and constants (such as $_ in Bash, and $true, $false, $null, and $_ in PowerShell). It is recommended to apply the provided code suggestions to explicitly allow these safe, built-in variables.

Comment thread packages/core/src/utils/shell-utils.ts
Comment thread packages/core/src/utils/shell-utils.ts
…detection

Addresses reviewer feedback that blocking all $IDENTIFIER patterns
over-blocks harmless automatic variables. After capturing the full
variable name, check against an explicit allowlist before blocking:

- Bash: $_ (last argument) allowed; $_SECRET, $_1 etc. still blocked
- PowerShell: $true, $false, $null, $args, $_ allowed; $trueVar,
  $_FOO, $TOKEN etc. still blocked

Adds 13 test cases confirming exact-match semantics — partial matches
like $nullify or $_SECRET are correctly blocked.
@thalha-a9

Copy link
Copy Markdown
Author

/gemini review

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces the detectCommandSubstitution utility to detect and block unsafe command substitutions and variable expansions in bash and PowerShell, while permitting safe automatic variables. The review feedback correctly points out that PowerShell automatic variables are case-insensitive, meaning the current case-sensitive check will incorrectly block mixed-case or uppercase variables like $True. It is recommended to normalize the variable name to lowercase before checking and to add corresponding test cases to verify this behavior.

Comment thread packages/core/src/utils/shell-utils.ts Outdated
Comment thread packages/core/src/utils/shell-utils.test.ts
…riables

PowerShell automatic variables ($True, $FALSE, $Null, $ARGS) are
case-insensitive. Normalize varName to lowercase before checking
against the allowlist so mixed-case variants are not incorrectly
blocked. Adds 5 additional test cases for mixed/uppercase variants.
…nstants

Move BASH_SAFE_VARS, PS_SAFE_VARS, and VAR_NAME_RE out of the hot
path so they are not re-created on every $ character encountered.
Adds one test for $_ followed by a space (word-boundary correctness).
@github-actions github-actions Bot added the size/l A large sized PR label Jul 15, 2026
@thalha-a9

Copy link
Copy Markdown
Author

/gemini review

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request enhances the command substitution detection logic in shell-utils.ts by blocking variable expansions (such as ${VAR} and $VAR) for both Bash and PowerShell, while allowing a predefined set of safe automatic variables. It also adds comprehensive unit tests to verify these rules. The feedback highlights a critical vulnerability bypass in the PowerShell detection where scope-qualified variables (e.g., $true:SECRET) could bypass the block because the prefix matches a safe variable. Suggestions are provided to fix this bypass in the implementation and to add a corresponding test case.

Comment thread packages/core/src/utils/shell-utils.ts
Comment thread packages/core/src/utils/shell-utils.test.ts
thalha-a9 and others added 2 commits July 15, 2026 21:08
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
@thalha-a9

Copy link
Copy Markdown
Author

/gemini review

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request enhances the detectCommandSubstitution utility in packages/core/src/utils/shell-utils.ts to block variable expansions and subexpressions for both Bash and PowerShell environments, while permitting a defined set of safe automatic variables (such as $_, $true, $false, $null, and $args). Comprehensive unit tests have been added in packages/core/src/utils/shell-utils.test.ts to verify these detection rules across different platforms. I have no feedback to provide.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/security Issues related to security priority/p1 Important and should be addressed in the near term. size/l A large sized PR size/m A medium sized PR

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Security: $VAR/${VAR} variable expansion bypass in detectBashSubstitution and detectPowerShellSubstitution (GHSA-wpqr-6v78-jr5g)

1 participant