🛡️ Sentinel: [CRITICAL] Fix command injection in powershell

[Dexploarer]

🚨 Severity: CRITICAL
💡 Vulnerability: Command injection vulnerability existed in performType and performKeypress on Windows due to relying on single-quote escaping for user input passed to powershell -Command.
🎯 Impact: Arbitrary command execution on the host machine via the sandbox API.
🔧 Fix: Encoded user input as a Base64 string in Node and decoded it natively inside the PowerShell script block.
✅ Verification: Verified via bun test src/api/__tests__/sandbox-routes.test.ts and successfully documented learning in .jules/sentinel.md.

---

PR created automatically by Jules for task 17117041012147318267 started by @Dexploarer

[google-labs-jules]

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.

---

For security, I will only act on instructions from the user who triggered this task.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a critical command injection vulnerability affecting Windows environments within the sandbox API. The fix enhances security by implementing a robust Base64 encoding and decoding strategy for user input passed to PowerShell commands, thereby preventing arbitrary command execution and strengthening the system's integrity against malicious input.

Highlights

• Critical Vulnerability Addressed: Fixed a critical command injection vulnerability in performType and performKeypress functions on Windows, which allowed arbitrary command execution via the sandbox API.
• Robust Input Handling: Implemented a secure input handling mechanism by encoding user input as a Base64 string in Node.js and decoding it natively within the PowerShell script block, replacing the insecure single-quote escaping.
• Security Documentation: Documented the vulnerability, the lessons learned, and the prevention strategy in a new .jules/sentinel.md file.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[codereviewbot-ai]

Missing graceful error handling for Linux keyboard input:

The Linux branch in performType throws an error if xdotool is not available:

throw new Error("xdotool required for keyboard input on Linux.");

This abrupt error may not be caught at the API layer, resulting in an unstructured error response. Consider catching this error at a higher level and returning a structured JSON error to the client, as is done elsewhere in the API.

Recommended solution:
Ensure that all platform-specific errors are caught and returned as structured API responses, e.g.:

try {
  performType(text);
  sendJson(res, 200, { success: true });
} catch (err) {
  sendJson(res, 500, { error: String(err) });
}

[codereviewbot-ai]

Missing graceful error handling for Linux key input:

The Linux branch in performKeypress throws an error if xdotool is not available:

throw new Error("xdotool required for key input on Linux.");

This abrupt error may not be caught at the API layer, resulting in an unstructured error response. As with keyboard input, consider catching this error at a higher level and returning a structured JSON error to the client.

Recommended solution:
Wrap platform-specific calls in try/catch and return structured error responses to the API caller.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 6a7092d0-f286-4cbb-a2b7-7b67cf6d59e3

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch sentinel-fix-powershell-injection-17117041012147318267

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request addresses a critical command injection vulnerability in the performType and performKeypress functions for Windows. The fix correctly replaces the insecure single-quote escaping with Base64 encoding of the user input, which is a robust solution to prevent command injection. My review confirms the fix is effective. I've added one comment regarding code duplication between the two modified functions, which could be addressed to improve maintainability.

[gemini-code-assist]

This logic for handling Windows SendKeys is duplicated from the performType function (lines 1088-1096). To improve maintainability and reduce code duplication, consider extracting this logic into a shared helper function. This new function could take the input string and timeout as arguments and encapsulate the Base64 encoding and runCommand call.