Skip to content

Harden memory.sync git transport against ext::/fd:: command execution (#51)#60

Draft
TYRMars wants to merge 1 commit into
mainfrom
claude/vibrant-dijkstra-Li97W
Draft

Harden memory.sync git transport against ext::/fd:: command execution (#51)#60
TYRMars wants to merge 1 commit into
mainfrom
claude/vibrant-dijkstra-Li97W

Conversation

@TYRMars
Copy link
Copy Markdown
Owner

@TYRMars TYRMars commented May 30, 2026

Summary

Closes #51 — arbitrary command execution risk via git's ext:: / fd:: remote-helper transports in the memory.sync_setup / memory.sync codepath.

What was already in place

The primary validation the issue asks for is already present: memory_sync.rs calls crate::memory_include::validate_git_url(remote_url) at the top of MemorySyncSetupTool::invoke (added in ae7832a, the #37 fix). That rejects ext:: / fd:: / any <transport>:: form, leading -, and control chars before the URL reaches git remote add.

The remaining gap this PR closes

memory_sync.rs has its own run_git helper, and unlike memory_include.rs's it did not export GIT_ALLOW_PROTOCOL. That matters because:

  • memory.sync's push / pull / fetch operate on an already-stored remote.origin.url that never re-passes validate_git_url. A remote set out-of-band (manual git remote add, a repo cloned with a hostile config, or any future validation bypass) could still fire ext:: / fd::.

This PR pins GIT_ALLOW_PROTOCOL=https:ssh:git:file on every git invocation in memory_sync, as defence in depth — mirroring memory_include::run_git. The shared constant is promoted to pub(crate) so there's a single source of truth.

Changes

  • memory_include.rs: GIT_ALLOW_PROTOCOLpub(crate).
  • memory_sync.rs: run_git now exports GIT_ALLOW_PROTOCOL.
  • New regression test run_git_refuses_ext_transport_configured_out_of_band: configures an ext:: remote directly (bypassing the validator), runs git push, and asserts the smuggled command never executes.

Testing

  • cargo test -p harness-tools memory_sync:: / memory_include:: — all pass (commit-signing disabled in the sandbox; the 4 git commit-based tests are unrelated and fail only because this environment forces SSH commit signing against a stub server).
  • cargo clippy -p harness-tools --all-targets -- -D warnings — clean.

Note: file:// is intentionally kept allowed (it's a safe local transport git handles natively); the issue listed it as a "reject" candidate but the existing validate_git_url contract deliberately permits it, so this PR does not change that.

https://claude.ai/code/session_01UxZiFGdjUnrqLitT3S92uC

Generated by Claude Code

@claude
Harden memory.sync git transport against ext::/fd:: command execution
596ae32 
Pin GIT_ALLOW_PROTOCOL on every git invocation in memory_sync's run_git,
mirroring memory_include. memory.sync_setup already validates remote_url
via validate_git_url, but memory.sync's push/pull act on an
already-stored remote.origin.url that never re-passes validation — an
out-of-band remote set to an ext::/fd:: transport could still execute
arbitrary commands. Exporting GIT_ALLOW_PROTOCOL refuses those protocols
at the git layer as defence in depth.

Adds a regression test that configures an ext:: remote directly
(bypassing the validator) and asserts the smuggled command never runs.

Fixes #51

https://claude.ai/code/session_01UxZiFGdjUnrqLitT3S92uC
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

memory.sync_setup accepts ext::/fd:: git transport URLs → arbitrary command execution via remote_url

2 participants

@TYRMars @claude