fix: validate sandbox names to prevent shell injection #45
Closed
areporeporepo wants to merge 1 commit into NVIDIA:main from
Conversation
Sandbox names from user input are interpolated into shell commands
without sanitization. A malicious name with shell metacharacters
could execute arbitrary commands.
Add validateName() in runner.js that enforces [a-zA-Z0-9._-]{1,63}
and call it at all entry points: CLI dispatch, deploy, and onboard.
Signed-off-by: Anh Nguyen <29374105+aprprprr@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: anh nguyen <29374105+aprprprr@users.noreply.github.com>
futhgar added a commit to futhgar/NemoClaw that referenced this pull request on Mar 16, 2026
Sandbox and instance names from user input are interpolated directly
into shell commands (openshell sandbox connect, docker run --name, etc.)
without validation. A name containing shell metacharacters could execute
arbitrary commands on the host.
Add validateName() to runner.js enforcing ^[a-zA-Z0-9][a-zA-Z0-9._-]{0,62}$
and call it at the three user-input entry points:
- CLI sandbox dispatch (nemoclaw <name> <action>)
- deploy command (nemoclaw deploy <instance-name>)
- onboard wizard (sandbox name prompt)
Includes 7 unit tests covering valid names, length limits, empty input,
shell metacharacter rejection, and custom error labels.
Fixes NVIDIA#45
Signed-off-by: futhgar <jmaldonado.rosa@gmail.com>
mafueee pushed a commit to mafueee/NemoClaw that referenced this pull request on Mar 28, 2026
Replace all GitLab-specific skill workflows with GitHub equivalents:
- create-gitlab-mr -> create-github-pr (gh pr create)
- review-gitlab-mr -> review-github-pr (gh pr diff/view)
- create-gitlab-issue -> create-github-issue (gh issue create)
- watch-gitlab-pipeline -> watch-github-actions (gh run)
- Update review-security-issue, fix-security-issue, build-from-issue to use gh CLI and GitHub API patterns
- Update CONTRIBUTING.md references
Summary
- `openshell sandbox connect ${name}`, `docker run --name ${name}`, etc.) without validation; `;`, `$()`, backticks, pipes) could execute arbitrary commands on the host
- Add `validateName()` to `runner.js` enforcing `^[a-zA-Z0-9][a-zA-Z0-9._-]{0,62}$` and call it at the three entry points: CLI sandbox dispatch, `deploy`, and `onboard`

Test plan
- `nemoclaw my-assistant connect` — valid name, works as before
- `nemoclaw "test; echo pwned" connect` — rejected with clear error
- `nemoclaw onboard` with empty name input → defaults to `my-assistant` (valid)
- `nemoclaw deploy good-name-123` — passes validation
- `nemoclaw deploy '$(whoami)'` — rejected

Happy GTC!
🤖 Generated with Claude Code