Conversation
wordToLiteral() read Lit.Value verbatim from the shell AST, which includes raw backslash escapes (e.g. \\ for literal \). The interpreter path processes these escapes, but the AST fallback path (used when nodeHasUnsafe triggers, e.g. for U+FFFD literals) did not. Add unescapeShellLit() to process \X → X in Lit values, matching interpreter behavior. Fixes FuzzPipelineExtraction bypass where "cat /etc/�\\" extracted path "/etc/�\" instead of "/etc/�".
wordToLiteral incorrectly applied unescapeShellLit to double-quoted literals, stripping backslashes that bash preserves (e.g. "\0" → "0" instead of "\0"). Add unescapeDblQuotedLit with correct bash double-quote escape rules: only \$ \` \" \\ \newline are escapes. Also add unescapeDollarSglQuoted for $'...' strings which support C-style escapes (\n \t \\ etc.) that wordToLiteral previously ignored. Add e2e tests for escape handling and unsafe trigger paths, plus FuzzASTFallbackExtraction targeting the production AST fallback code path.
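The three quote contexts the two commits above describe (unquoted, double-quoted, `$'...'`), as an added Python reimplementation written for this page and not taken from the project's Go code; the function names are my own, and the `\xHH`, octal and `\uXXXX` forms inside `$'...'` are omitted:

```python
# Added illustration of the bash escape rules described above, written for this
# page and not taken from the project's Go code; \xHH, octal and \uXXXX forms
# inside $'...' are omitted.

DQ_ESCAPABLE = '$`"\\'  # inside "...", a backslash escapes only these (and newline)
C_ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "a": "\a", "b": "\b",
             "f": "\f", "v": "\v", "e": "\x1b", "\\": "\\", "'": "'", '"': '"'}

def _unescape(lit, rule):
    """Walk lit; at each backslash, rule(lit, i) returns (text, consumed) or None."""
    out, i = [], 0
    while i < len(lit):
        hit = rule(lit, i) if lit[i] == "\\" and i + 1 < len(lit) else None
        if hit is None:
            out.append(lit[i])  # ordinary char, or a trailing lone backslash
            i += 1
        else:
            out.append(hit[0])
            i += hit[1]
    return "".join(out)

def unescape_unquoted(lit):
    """Unquoted word: \\X -> X for any X, so \\\\ -> \\ (what the interpreter path does)."""
    return _unescape(lit, lambda s, i: (s[i + 1], 2))

def unescape_double_quoted(lit):
    """Double-quoted: only \\$ \\` \\" \\\\ and \\<newline> are escapes; "\\0" stays "\\0"."""
    def rule(s, i):
        nxt = s[i + 1]
        if nxt in DQ_ESCAPABLE:
            return nxt, 2
        if nxt == "\n":  # line continuation: both characters vanish
            return "", 2
        return None  # backslash is preserved before anything else
    return _unescape(lit, rule)

def unescape_dollar_single(lit):
    """$'...': C-style escapes from the table; unknown escapes keep the backslash."""
    return _unescape(lit, lambda s, i: (C_ESCAPES[s[i + 1]], 2) if s[i + 1] in C_ESCAPES else None)

def unescape_by_context(lit, quote):
    """Dispatch per quote context: '' unquoted, '"' double, "$'" dollar-single, "'" verbatim."""
    return {"": unescape_unquoted, '"': unescape_double_quoted,
            "$'": unescape_dollar_single}.get(quote, lambda s: s)(lit)
```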
Pre-compiled fuzz binaries write failing corpus to testdata/fuzz/ relative to the working directory (repo root), not to internal/*/testdata/fuzz/. Add the root-level path so the artifact upload captures these entries on failure.
httpproxy (61.1% → 81.3%):
- FlushModified remove/replace mode for Anthropic, OpenAI, Responses APIs
- findShellTool priority order and fallback
- marshalJSON HTML escape preservation
- writeSSEEvent/writeSSEData/writeRaw framing
- No-tool-use and allowed-tool-call passthrough

mcpgateway (66.7% → 83.9%):
- handleGet SSE stream with DLP blocking
- handleDelete session removal and upstream error
- copyMCPHeaders propagation
- proxyJSONResponse DLP block and invalid JSON passthrough
- proxySSEResponse DLP block on streaming events
NFD decompose → strip combining marks (Mn) → NFC recompose before confusable mapping. Prevents E+U+0301 (combining acute) from composing into É which bypasses ASCII regex character classes like [er].
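The normalization order the commit above describes, shown against a plain NFC pipeline, as an added Python example written for this page (not the project's code); the `crontab -[er]` pattern is an assumed stand-in for the ASCII regex class the commit refers to, and the two inputs are constructed:

```python
# Added illustration of the normalization order described above; not the
# project's code. The crontab pattern is an assumed stand-in for the ASCII
# regex class the commit refers to.
import re
import unicodedata

# Assumed shape of the protected-command check: an ASCII class [er] after crontab.
CRONTAB_EDIT = re.compile(r"(?i)\bcrontab\s+-[er]\b")


def nfc_only(s: str) -> str:
    """The bypassable pipeline: NFC composes 'E' + U+0301 into the single code point É."""
    return unicodedata.normalize("NFC", s)


def strip_diacritics(s: str) -> str:
    """NFD decompose -> drop combining marks (category Mn) -> NFC recompose."""
    decomposed = unicodedata.normalize("NFD", s)
    kept = "".join(ch for ch in decomposed if unicodedata.category(ch) != "Mn")
    return unicodedata.normalize("NFC", kept)


def is_blocked(cmd: str, normalize) -> bool:
    """Run the regex over the normalized command, as a gate would before confusable mapping."""
    return CRONTAB_EDIT.search(normalize(cmd)) is not None


# Constructed inputs: 'E' + combining acute, and the precomposed É (U+00C9).
COMBINING = "CRONTAB -E\u0301"
PRECOMPOSED = "CRONTAB -\u00c9"


def demo():
    """Return ((nfc-only verdicts), (strip-diacritics verdicts)) for both inputs."""
    return (
        (is_blocked(COMBINING, nfc_only), is_blocked(PRECOMPOSED, nfc_only)),
        (is_blocked(COMBINING, strip_diacritics), is_blocked(PRECOMPOSED, strip_diacritics)),
    )
```

With NFC alone neither input is blocked, because the regex sees É rather than E; stripping Mn first reduces both to `CRONTAB -E`, which the class matches.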
mvdan.cc/sh/v3 expand.formatInto panics on malformed printf format strings (e.g. printf '%\') inside pipe goroutines where our defer/recover cannot catch it. Replace printf with "true" in CallHandler — its output is not useful for path extraction. Also add fuzz corpus entries for FuzzPipeBypass and FuzzCommandRegexBypass to prevent regression.
v3.13.0 adds bounds checking in expand.formatInto for trailing backslash in format strings (e.g. printf '%\'). This was the root cause of the FuzzPipeBypass goroutine panic — the fix in the upstream library makes our printf→true workaround unnecessary. Also applies API renames (ClbOut → RdrClob) and adds new redirect operators (AppClob, RdrAllClob, AppAllClob) to exhaustive switches.
The shell parser can produce FuncDecl with nil Name for inputs like "()00". Both astForkBomb and its fuzz oracle accessed fd.Name.Value without a nil guard, causing a panic.
mvdan.cc/sh/v3 parser panics on edge-case inputs like "export A0=$0(" (slice bounds out of range in declClause). Wrap all parser.Parse calls with safeShellParse which uses defer/recover to convert panics into errors. This hardens against any future upstream parser bugs.
Summary
- Fixes escape handling in the AST fallback extraction path (used when nodeHasUnsafe triggers)
- Upgrades mvdan.cc/sh/v3 v3.12.0 → v3.13.0 to fix printf goroutine panic at root cause

Changes

Dependency upgrade
- mvdan.cc/sh/v3 v3.12.0 → v3.13.0: fixes expand.formatInto index-out-of-range panic on malformed printf format strings (e.g. printf '%\') in pipe goroutines where defer/recover cannot catch
- Rename syntax.ClbOut → syntax.RdrClob and add new redirect operators (AppClob, RdrAllClob, AppAllClob) to exhaustive switches

Unicode normalization fix
- Add stripDiacritics() to NormalizeUnicode pipeline: NFD decompose → strip combining marks (category Mn) → NFC recompose
- Prevents E + U+0301 (combining acute) from composing into É, which bypasses ASCII regex classes like [er]
- Fixes FuzzCommandRegexBypass failure: CRONTAB -É was not blocked

Extractor fixes
- wordToLiteral() now dispatches to the correct unescape function per quote context
- unescapeDblQuotedLit() for correct bash double-quote escape rules
- unescapeDollarSglQuoted() for C-style $'...' escape sequences
- FuzzASTFallbackExtraction targeting the production AST fallback path

Test coverage
- FuzzASTFallbackExtraction (17 seeds, production path)
- TestASTFallbackEscapes (12 e2e escape cases)
- TestASTFallbackUnsafeTriggers (7 trigger type cases)

CI fix
- Add testdata/fuzz/ to artifact upload paths (pre-compiled binaries write corpus to repo root)

Test plan
- go test -short ./... passes
- FuzzCommandRegexBypass combining mark corpus entry passes
- FuzzPipeBypass printf panic corpus entry passes