[PR #6] Fix RCE, data exfiltration, and supply chain vulnerabilities #19

Closed
opened 2026-02-27 19:20:56 +03:00 by kerem · 0 comments
Owner

Original Pull Request: https://github.com/f/git-rewrite-commits/pull/6

State: closed
Merged: No


Critical security issues: shell injection in hooks via eval, unconditional transmission of diffs/files to remote APIs without consent, automatic history rewrites without backups, and unversioned package execution.

Changes

Shell injection (hooks/prepare-commit-msg)

  • Replaced eval "$CMD" with secure argument arrays: set -- npx git-rewrite-commits --provider "$PROVIDER"
  • User-controlled git config values now properly quoted, eliminating RCE vector

Data exfiltration (src/index.ts)

  • Added checkRemoteAPIConsent() - explicit prompt before remote API calls (skipped for local Ollama)
  • Added redactSensitivePatterns() - strips API keys, passwords, private keys, AWS credentials from diffs
  • New --skip-remote-consent flag for non-interactive contexts

Unsafe rewrites (hooks/*)

  • All hooks now opt-in via git config (e.g., git config hooks.prepareCommitMsg true)
  • Removed --skip-backup from post-commit and pre-push hooks
  • Backups always created before history rewrites

Supply chain (SECURITY.md)

  • Documented version pinning: npx git-rewrite-commits@0.4.0
  • Added integrity verification guidance

Breaking Change

Hooks disabled by default. Users must explicitly enable:

```bash
git config hooks.prepareCommitMsg true      # opt-in to AI commit messages
git config hooks.commitProvider ollama       # or use local processing
```

Example

Before (vulnerable):

```sh
CMD="npx git-rewrite-commits --provider $PROVIDER"
TEMPLATE="$(git config --get hooks.commitTemplate)"
CMD="$CMD --template \"$TEMPLATE\""  # injection point
AI_MESSAGE=$(eval "$CMD")  # arbitrary code execution
```

After (secure):

```sh
set -- npx git-rewrite-commits --provider "$PROVIDER"
if [ -n "$TEMPLATE" ]; then
    set -- "$@" --template "$TEMPLATE"  # properly quoted
fi
AI_MESSAGE=$("$@")  # no eval, no injection
```

CodeQL scan: 0 alerts.

Original prompt

This section details the original issue you should resolve

<issue_title>RCE, Data Exfiltration, and Supply Chain Risks</issue_title>
<issue_description>Good morning. hooks/prepare-commit-msg:20-57 concatenates user-controlled git-config values into CMD="npx git-rewrite-commits …" and executes it with eval. Any repo or developer shell can inject shell metacharacters and gain arbitrary code execution as soon as the hook runs. Replace the eval call with a safely quoted exec path (e.g., direct npx invocation with explicit arguments, or printf '%s\0' + xargs -0).

src/index.ts:223-265 unconditionally streams the entire file list and up to ~8 KB of raw git diff to the selected provider (OpenAI by default). There is no masking, allow-list, or opt-in confirmation, so secrets, credentials, and regulated data leave the workstation every time the CLI runs. This is a major privacy/compliance violation for any sensitive repository.

Installing the provided hooks causes constant exfiltration and unattended history rewrites. The post-commit hook (hooks/post-commit:15-38) invokes npx git-rewrite-commits --max-commits 1 --skip-backup after every commit, and the pre-push hook (hooks/pre-push:14-50) reruns the tool for every unpushed commit on each push. Following the documented “install hooks” flow silently leaks staged/unpushed code to OpenAI and can corrupt repositories because rewrite operations occur automatically with backups disabled.

All three hooks rely on npx git-rewrite-commits (hooks/prepare-commit-msg:40-56, hooks/post-commit:31-38, hooks/pre-push:40-50) without pinning a version or verifying integrity. A compromised or typo-squatted npm release immediately executes attacker-controlled code during every commit/push. Ship a vendored binary/CLI or pin + checksum-verify the exact package before executing it.

These issues collectively provide trivial RCE vectors, leak confidential source code to third parties, and risk repository corruption.

Remediation steps:

  1. Remove eval usage in hooks and enforce strict argument quoting.
  2. Add explicit consent/allow-listing for remote providers and redact diffs before transmission.
  3. Disable automatic remote calls/history rewrites in hooks unless the user opts in per-run, and ensure backups are always created.
  4. Pin or vendor the CLI invoked by the hooks and verify integrity before execution.</issue_description>

Comments on the Issue (you are @copilot in this section)



Fixes f/git-rewrite-commits#5
kerem 2026-02-27 19:20:56 +03:00
kerem changed title from [PR #6] [CLOSED] Fix RCE, data exfiltration, and supply chain vulnerabilities to [PR #6] Fix RCE, data exfiltration, and supply chain vulnerabilities 2026-03-07 21:34:21 +03:00
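
The three hook changes described in the PR (opt-in gate, pinned package version, argument list instead of `eval`) combined in one sketch. This is an added example, not code from the pull request or the project; `PINNED_SPEC`, `fake_npx`, `hook_enabled` and `run_hook` are hypothetical names, and the config values are passed as parameters so it runs without a repository.

```shell
#!/bin/sh
# Added example, not the project's hook. PINNED_SPEC, fake_npx, hook_enabled
# and run_hook are hypothetical names introduced for this illustration.

PINNED_SPEC="git-rewrite-commits@0.4.0"   # exact version, as pinned in the PR text

# Stand-in for npx: prints each argument it receives on its own line,
# so the argument boundaries are visible and nothing is executed.
fake_npx() {
    for arg in "$@"; do
        printf '<%s>\n' "$arg"
    done
}

# Opt-in gate: only the literal value "true" enables the hook.
hook_enabled() {
    [ "$1" = "true" ]
}

# run_hook ENABLED PROVIDER TEMPLATE [RUNNER]
# ENABLED, PROVIDER and TEMPLATE stand for values a hook would read with
# `git config --get`; they are parameters here so no repository is needed.
run_hook() {
    enabled=$1
    provider=$2
    template=$3
    runner=${4:-npx}

    hook_enabled "$enabled" || return 0   # disabled by default: do nothing

    # Build the command as an argument list; each value stays one argument.
    set -- "$runner" "$PINNED_SPEC" --provider "$provider"
    if [ -n "$template" ]; then
        set -- "$@" --template "$template"
    fi
    "$@"
}

# Constructed config value containing shell metacharacters.
SAMPLE_TEMPLATE='feat: $(echo INJECTED) "quoted"; echo x'
run_hook true ollama "$SAMPLE_TEMPLATE" fake_npx
```

The constructed template arrives as the fifth argument byte for byte, which is the property the `eval` version lacked.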
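
A sketch of the consent-then-redact flow the PR describes for `src/index.ts`, written as a shell filter. This is an added example, not the project's `checkRemoteAPIConsent()` or `redactSensitivePatterns()`; the function names, the pattern set and the choice to redact for every provider are assumptions, and the sample diff is constructed.

```shell
#!/bin/sh
# Added example, not the project's redactSensitivePatterns() or
# checkRemoteAPIConsent(). Function names and the pattern set are assumptions.

# redact_diff: reads a diff on stdin, writes a redacted copy to stdout.
redact_diff() {
    sed -E \
        -e '/-----BEGIN [A-Z ]*PRIVATE KEY-----/,/-----END [A-Z ]*PRIVATE KEY-----/s/.*/[REDACTED PRIVATE KEY LINE]/' \
        -e 's/AKIA[0-9A-Z]{16}/[REDACTED AWS KEY ID]/g' \
        -e 's/((password|PASSWORD|secret|SECRET|token|TOKEN|api_key|API_KEY)[[:space:]]*[:=][[:space:]]*)[^[:space:]]+/\1[REDACTED]/g'
}

# needs_consent PROVIDER SKIP_FLAG
# Succeeds (exit 0) when the user must be asked before anything is sent:
# the provider is remote (not local ollama) and the skip flag is not "yes".
needs_consent() {
    [ "$1" != "ollama" ] && [ "$2" != "yes" ]
}

# prepare_payload PROVIDER SKIP_FLAG CONSENT_ANSWER   (diff on stdin)
# Emits the redacted diff only if sending is allowed; otherwise emits
# nothing and returns 1.
prepare_payload() {
    if needs_consent "$1" "$2" && [ "$3" != "y" ]; then
        return 1
    fi
    redact_diff
}

# Constructed sample diff; every secret-looking value below is made up.
sample_diff() {
    cat <<'EOF'
+DB_PASSWORD=hunter2
+aws_id = "AKIAABCDEFGHIJKLMNOP"
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAKj34
+-----END RSA PRIVATE KEY-----
+const retries = 3;
EOF
}

sample_diff | prepare_payload openai no y
```

Pattern-based redaction only catches what its patterns name, so it complements the consent prompt rather than replacing it.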