The latest updates on your projects. Learn more about Vercel for GitHub.

Request Review

Greptile Summary

Hardens PTY provider command resolution by replacing subprocess-based path lookup with in-process checks and improving shell escaping for remote SSH execution.

Key Changes:

• Moved quoteShellArg to shared utility and applied it consistently to all remote command tokens, preventing shell metacharacter injection in custom CLI strings
• Replaced which/where subprocess calls with in-process PATH resolution using fs.statSync and fs.accessSync, maintaining result caching
• Added parseCustomCliForDirectSpawn to handle Windows absolute paths (including quoted paths with spaces) correctly, preventing them from being misclassified as shell expressions
• Removed backslash from needsShellResolution regex so Windows paths like C:\Tools\tool.exe can use direct spawn instead of shell mode
• Extended tests to verify metacharacter quoting and Windows path parsing edge cases

Minor Issues:

• Line 198 in ptyIpc.ts contains redundant fallback logic that duplicates the fallback chain from lines 193-197

Confidence Score: 4/5

• This PR is safe to merge with low risk, implementing security-focused improvements with comprehensive test coverage
• The changes improve security by hardening shell escaping and removing subprocess dependencies, with regression tests covering edge cases. Minor style issue with redundant fallback logic doesn't affect correctness. The removal of backslash from shell resolution regex and new Windows path parsing are well-tested and intentional improvements.
• No files require special attention

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
 A[Start: Resolve Provider Command] --> B{Custom CLI configured?}
 B -->|Yes| C{Platform Check}
 B -->|No| D[Use Default Provider CLI]
 
 C -->|Windows| E[parseCustomCliForDirectSpawn]
 C -->|Unix| F[parseShellArgs]
 
 E --> G{Is Windows absolute/UNC path?}
 G -->|Yes, no spaces| H[Return as single token]
 G -->|Yes, quoted with spaces| I[Strip quotes, return path]
 G -->|No| F
 
 F --> J[Parse as shell args]
 J --> K{Multiple tokens?}
 K -->|Yes| L[Fallback to shell mode]
 K -->|No| M[Single executable token]
 
 M --> N{Needs shell resolution?}
 N -->|Has metacharacters| L
 N -->|No metacharacters| O[Resolve executable path]
 
 O --> P{Path-like or in PATH?}
 P -->|Path-like| Q[Resolve as absolute path]
 P -->|In PATH| R[Search PATH dirs]
 
 Q --> S{Is executable file?}
 R --> S
 S -->|Yes| T[Cache and return path]
 S -->|No| U[Return null, fallback]
 
 D --> V[Build remote command]
 H --> V
 I --> V
 T --> V
 L --> W[Shell spawn mode]
 U --> W
 
 V --> X[Quote all tokens with quoteShellArg]
 X --> Y[Join with spaces]
 Y --> Z[Execute via SSH or direct spawn]

_{Last reviewed commit: a1addde}