🔴 [P0] Sanitize agent spawn command payloads (command injection risk) #274

New Issue

jason.woltje · 2026-02-03T22:29:25Z

jason.woltje commented

2026-02-03 22:29:25 +00:00

Summary

Agent spawn passes unvalidated context and options to orchestrator. Potential command injection and RCE.

Location

apps/api/src/federation/federation-agent.service.ts:237-275

Security Impact

Command injection if context contains shell commands
Path traversal if context contains file paths
Remote code execution risk

Required Implementation

Validate taskId format
Whitelist allowed agentType values
Sanitize context fields
Validate all string values

Priority

CRITICAL (P0) - RCE risk

## Summary Agent spawn passes unvalidated `context` and `options` to orchestrator. Potential command injection and RCE. ## Location `apps/api/src/federation/federation-agent.service.ts:237-275` ## Security Impact - Command injection if context contains shell commands - Path traversal if context contains file paths - Remote code execution risk ## Required Implementation 1. Validate `taskId` format 2. Whitelist allowed `agentType` values 3. Sanitize `context` fields 4. Validate all string values ## Priority **CRITICAL (P0)** - RCE risk

jason.woltje added the security p0 api api labels 2026-02-03 22:29:25 +00:00

jason.woltje added this to the M7.1-Remediation (0.0.8) milestone 2026-02-03 22:31:44 +00:00

jason.woltje referenced this issue from a commit

2026-02-04 02:18:03 +00:00

fix(#274): Add input validation to prevent command injection in git operations

jason.woltje closed this issue

2026-02-04 02:18:11 +00:00

Sign in to join this conversation.

Branches Tags

main

fix/ci-glibc-image

fix/dockerfile-npmrc

fix/matrix-native-binary

fix/kaniko-cache

fix/base-image-kaniko-v2

fix/base-image-kaniko

feat/custom-base-image

ci/pnpm-cache

fix/interceptor-tests

fix/kanban-tests

feat/wire-chat

feat/usage-widget

fix/security-hardening

fix/project-domain-v2

feat/kanban-add-task

fix/project-domain-attach

fix/logs-page-clean

fix/workspace-members

fix/ci-lint-632

fix/file-manager-tags

fix/csrf-debug-log

fix/controller-type-imports

fix/system-admin-env

fix/gateway-cors-trusted-origins

feat/project-detail-page

fix/fleet-provider-form-dto-v2

fix/ms22-audit

fix/orchestrator-widgets

fix/fleet-provider-form-dto

fix/csrf-bearer-bypass

fix/ms22-missing-authmodule-imports

fix/container-lifecycle-config-module

fix/swarm-compose-ms22-vars

chore/ms22-p1-complete

feat/ms22-p1h-settings-ui

feat/ms22-p1f-onboarding-ui

feat/ms22-p1i-chat-proxy

feat/ms22-p1k-idle-reaper

feat/ms22-p1j-docker

feat/ms22-p1e-onboarding-api

feat/ms22-p1g-settings-api

feat/ms22-p1d-container-mgr

feat/ms22-p1c-config-api

chore/ms22-prd-tracking

feat/ms22-p1a-schema

feat/ms22-p1b-crypto

chore/ms22-p1-tasks

docs/ms22-architecture

feat/ms22-openclaw-docker

feat/ms22-openclaw-gateway-module

chore/ms21-complete

chore/ms21-final-tasks-done

fix/ms21-ui-001-qa

test/ms21-ui-tests

chore/ms21-tasks-sync

chore/ms22-phase0-complete

feat/ms22-ingest-clean

feat/ms21-ui-users-members

feat/ms22-task-agent

chore/tasks-final

chore/tasks-update

feat/ms21-session-invalidation

feat/ms21-rbac-settings

feat/ms21-teams-page

feat/ms21-users-page

feat/ms19-terminal-persistence

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: mosaic/stack#274