Skip to content

fix: prevent SSH destinations from being parsed as options#4042

Open
nszhsl wants to merge 1 commit into
pingdotgg:mainfrom
nszhsl:codex/ssh-command-hardening
Open

fix: prevent SSH destinations from being parsed as options#4042
nszhsl wants to merge 1 commit into
pingdotgg:mainfrom
nszhsl:codex/ssh-command-hardening

Conversation

@nszhsl

@nszhsl nszhsl commented Jul 16, 2026

Copy link
Copy Markdown

What Changed

  • Insert the OpenSSH option terminator (--) before user-controlled destinations in both normal commands and tunnel processes.
  • Add regression tests for option-like host aliases, including -oProxyCommand=....
  • Keep the remote sh -s -- command and tunnel stop-command assertions distinct.

Why

SSH host aliases come from user configuration. Without an option terminator, an alias that begins with - can be parsed as another OpenSSH option rather than as the destination. That can unexpectedly change SSH behavior.

Placing -- immediately before the destination preserves the existing SSH arguments and ensures the destination is treated only as a positional value.

Verification

  • vp check (passes; 9 existing React warnings)
  • vp run typecheck
  • vp test packages/ssh/src/command.test.ts packages/ssh/src/tunnel.test.ts (20 tests)

Checklist

  • This PR is small and focused
  • I explained what changed and why
  • I included before/after screenshots for any UI changes (not applicable; no UI changes)
  • I included a video for animation/interaction changes (not applicable; no UI changes)

Note

Medium Risk
Small argv change in security-sensitive SSH spawning paths; behavior should be safer but any OpenSSH/version quirk around -- with remote commands would affect all SSH usage.

Overview
Inserts OpenSSH’s -- option terminator immediately before user-configured host destinations when spawning ssh for remote commands and for -N port-forward tunnels, so values like -oProxyCommand=… are parsed as the destination (and remote command args) instead of as extra SSH options.

Adds a regression test that asserts the spawned argv places -- before a malicious-looking alias and any remoteCommandArgs. Tunnel integration tests are tightened to distinguish sh -s -- launch scripts from other sh invocations and to assert tunnel commands end with -- plus the expected user@host spec.

Reviewed by Cursor Bugbot for commit 97aff10. Bugbot is set up for automated code reviews on this repo. Configure here.

Note

Prevent SSH destinations from being parsed as options by inserting -- before host args

Inserts -- into the SSH args list immediately before the destination host in both command.ts and tunnel.ts, ensuring user-controlled host values are never interpreted as SSH options. Tests in command.test.ts and tunnel.test.ts are updated to assert the presence and position of the separator.

📊 Macroscope summarized 97aff10. 2 files reviewed, 0 issues evaluated, 0 issues filtered, 0 comments posted

🗂️ Filtered Issues

No issues evaluated.

- SSH 目标来自用户配置,以 - 开头时会被 OpenSSH 当作命令行选项
- 统一加入 -- 可保留现有参数顺序,并同时覆盖普通命令和端口转发
@coderabbitai

coderabbitai Bot commented Jul 16, 2026

Copy link
Copy Markdown

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 3d21ed79-b80f-45a3-bccb-61814690b655

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions github-actions Bot added vouch:unvouched PR author is not yet trusted in the VOUCHED list. size:XS 0-9 changed lines (additions + deletions). labels Jul 16, 2026
@macroscopeapp

macroscopeapp Bot commented Jul 16, 2026

Copy link
Copy Markdown
Contributor

Approvability

Verdict: Needs human review

This PR addresses a command injection vulnerability by adding '--' delimiters before user-controlled SSH destinations. Security-related changes warrant human review to verify the fix is complete and correctly applied.

You can customize Macroscope's approvability policy. Learn more.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

size:XS 0-9 changed lines (additions + deletions). vouch:unvouched PR author is not yet trusted in the VOUCHED list.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant