fix(hook): prevent flag injection in rtk-rewrite hooks (#1350)#1370
Open
ousamabenyounes wants to merge 1 commit intortk-ai:developfrom
Open
fix(hook): prevent flag injection in rtk-rewrite hooks (#1350)#1370ousamabenyounes wants to merge 1 commit intortk-ai:developfrom
ousamabenyounes wants to merge 1 commit intortk-ai:developfrom
Conversation
Before this change, the Claude and Cursor rewrite hooks called `rtk rewrite "$CMD"` without a `--` terminator. An LLM-generated command starting with `-`/`--` (e.g. "--help") would be intercepted by clap as a flag to the `rewrite` subcommand, causing the help text to be emitted as the "rewritten" command and fed back to the agent, which would then shell-execute the help-text content. Adding `--` makes clap treat `$CMD` as a positional argument so no flag-injection is possible. New tests exercise `--help`, `-h`, `--version`, and `-V` at both the CLI parser level (Rust) and the hook level (bash). Co-Authored-By: Claude <noreply@anthropic.com>
pszymkowiak
added
bug
Collaborator
📊 Automated PR Analysis
SummaryFixes a flag injection vulnerability in rtk-rewrite hooks where an LLM-generated command starting with '-' or '--' (e.g. '--help') would be interpreted by clap as a flag to Review Checklist
Linked issues: #1350 Analyzed automatically by wshm · This is an automated analysis, not a human review. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #1350.
--end-of-options terminator before"$CMD"inhooks/claude/rtk-rewrite.sh:55andhooks/cursor/rtk-rewrite.sh:43(same bug in both hooks).-/--(e.g.--help) would otherwise be intercepted by clap as a flag tortk rewrite, causing the help text to be emitted as the "rewritten" command and fed back to the agent for shell execution.--makes clap treat$CMDas a positional argument, closing the injection path.Test plan
cargo fmt --all --check && cargo clippy --all-targets && cargo test— 1591 passed, 6 ignored (baseline was 1590 pass, +1 from new test)test_rewrite_clap_double_dash_blocks_flag_injectioncovers--help,-h,--version,-Vhooks/claude/test-rtk-rewrite.sh(5 flag-injection cases, all pass against the patched hook)rtk rewrite "--help"emits help text (bug),rtk rewrite -- "--help"emits nothing with exit 1 (fix)Files changed
hooks/claude/rtk-rewrite.sh--before"$CMD"+ comment explaining whyhooks/cursor/rtk-rewrite.shhooks/claude/test-rtk-rewrite.shsrc/main.rs#[test]verifying clap +--behavior forCommands::RewriteNotes
developwithout this PR.Generated by Claude Code