[GH-ISSUE #5] RCE, Data Exfiltration, and Supply Chain Risks #6

New issue

Closed

opened 2026-02-27 19:20:52 +03:00 by kerem · 1 comment

kerem commented

2026-02-27 19:20:52 +03:00

Owner

Originally created by @geeknik on GitHub (Nov 11, 2025).
Original GitHub issue: https://github.com/f/git-rewrite-commits/issues/5

Originally assigned to: @Copilot on GitHub.

Good morning. hooks/prepare-commit-msg:20-57 concatenates user-controlled git-config values into CMD="npx git-rewrite-commits …" and executes it with eval. Any repo or developer shell can inject shell metacharacters and gain arbitrary code execution as soon as the hook runs. Replace the eval call with a safely quoted exec path (e.g., direct npx invocation with explicit arguments, or printf '%s\0' + xargs -0).

src/index.ts:223-265 unconditionally streams the entire file list and up to ~8 KB of raw git diff to the selected provider (OpenAI by default). There is no masking, allow-list, or opt-in confirmation, so secrets, credentials, and regulated data leave the workstation every time the CLI runs. This is a major privacy/compliance violation for any sensitive repository.

Installing the provided hooks causes constant exfiltration and unattended history rewrites. The post-commit hook (hooks/post-commit:15-38) invokes npx git-rewrite-commits --max-commits 1 --skip-backup after every commit, and the pre-push hook (hooks/pre-push:14-50) reruns the tool for every unpushed commit on each push. Following the documented “install hooks” flow silently leaks staged/unpushed code to OpenAI and can corrupt repositories because rewrite operations occur automatically with backups disabled.

All three hooks rely on npx git-rewrite-commits (hooks/prepare-commit-msg:40-56, hooks/post-commit:31-38, hooks/pre-push:40-50) without pinning a version or verifying integrity. A compromised or typo-squatted npm release immediately executes attacker-controlled code during every commit/push. Ship a vendored binary/CLI or pin + checksum-verify the exact package before executing it.

These issues collectively provide trivial RCE vectors, leak confidential source code to third parties, and risk repository corruption.

Remediation steps:

Remove eval usage in hooks and enforce strict argument quoting.
Add explicit consent/allow-listing for remote providers and redact diffs before transmission.
Disable automatic remote calls/history rewrites in hooks unless the user opts in per-run, and ensure backups are always created.
Pin or vendor the CLI invoked by the hooks and verify integrity before execution.

Originally created by @geeknik on GitHub (Nov 11, 2025). Original GitHub issue: https://github.com/f/git-rewrite-commits/issues/5 Originally assigned to: @Copilot on GitHub. Good morning. `hooks/prepare-commit-msg:20-57` concatenates user-controlled `git-config` values into `CMD="npx git-rewrite-commits …"` and executes it with `eval`. Any repo or developer shell can inject shell metacharacters and gain arbitrary code execution as soon as the hook runs. Replace the `eval` call with a safely quoted exec path (e.g., direct `npx` invocation with explicit arguments, or `printf '%s\0' + xargs -0`). `src/index.ts:223-265` unconditionally streams the entire file list and up to ~8 KB of raw `git diff` to the selected provider (OpenAI by default). There is no masking, allow-list, or opt-in confirmation, so secrets, credentials, and regulated data leave the workstation every time the CLI runs. This is a major privacy/compliance violation for any sensitive repository. Installing the provided hooks causes constant exfiltration and unattended history rewrites. The post-commit hook (`hooks/post-commit:15-38`) invokes `npx git-rewrite-commits --max-commits 1 --skip-backup` after every commit, and the pre-push hook (`hooks/pre-push:14-50`) reruns the tool for every unpushed commit on each push. Following the documented “install hooks” flow silently leaks staged/unpushed code to OpenAI and can corrupt repositories because rewrite operations occur automatically with backups disabled. All three hooks rely on `npx git-rewrite-commits` (`hooks/prepare-commit-msg:40-56`, `hooks/post-commit:31-38`, `hooks/pre-push:40-50`) without pinning a version or verifying integrity. A compromised or typo-squatted npm release immediately executes attacker-controlled code during every commit/push. Ship a vendored binary/CLI or pin + checksum-verify the exact package before executing it. These issues collectively provide trivial RCE vectors, leak confidential source code to third parties, and risk repository corruption. Remediation steps: 1. Remove eval usage in hooks and enforce strict argument quoting. 2. Add explicit consent/allow-listing for remote providers and redact diffs before transmission. 3. Disable automatic remote calls/history rewrites in hooks unless the user opts in per-run, and ensure backups are always created. 4. Pin or vendor the CLI invoked by the hooks and verify integrity before execution.

kerem closed this issue

2026-02-27 19:20:52 +03:00

kerem commented

2026-02-27 19:20:53 +03:00

Author

Owner

@f commented on GitHub (Nov 11, 2025):

Can you review @Copilot Agent's PR: https://github.com/f/git-rewrite-commits/pull/6/files

@f commented on GitHub (Nov 11, 2025): Can you review @Copilot Agent's PR: https://github.com/f/git-rewrite-commits/pull/6/files

kerem referenced this issue

2026-02-27 19:20:56 +03:00

[PR #6] Fix RCE, data exfiltration, and supply chain vulnerabilities #19