security: [provision.sh] Unvalidated base64 value in SSH command allows potential command injection

[louisgv]

Location

sh/e2e/lib/provision.sh:176

Severity

HIGH - Defense-in-depth violation, potential command injection

Description

The provision_agent function creates a manual .spawnrc file by base64-encoding sensitive data and passing it to a remote SSH command. However, the env_b64 variable is not validated before use, creating a command injection risk if base64 encoding fails or upstream data is corrupted.

Vulnerable Code

local env_b64
env_b64=$(base64 < "${env_tmp}" | tr -d '\n')
rm -f "${env_tmp}"

# env_b64 used directly without validation
if cloud_exec "${app_name}" "printf '%s' \"${env_b64}\" | base64 -d > ~/.spawnrc && ..."

Issue

1. No validation that base64 encoding succeeded
2. No validation that env_b64 contains only base64-safe characters ([A-Za-z0-9+/=])
3. If env_b64 is empty or contains shell metacharacters due to corruption, it could be exploited

Attack Vectors

1. Upstream data corruption: If env_tmp file is corrupted or contains malicious content
2. Base64 command failure: If base64 silently fails or behaves unexpectedly
3. Environment variable manipulation: If an attacker can influence OPENROUTER_API_KEY before it's base64-encoded

Impact

• Remote command execution on provisioned VMs
• Credential theft (since this code handles API keys)
• Compromise of E2E test infrastructure

Recommendation

Add validation before use:

local env_b64
env_b64=$(base64 < "${env_tmp}" | tr -d '\n')
rm -f "${env_tmp}"

# VALIDATE env_b64 is non-empty and contains only base64 characters
if [[ -z "${env_b64}" ]] || [[ ! "${env_b64}" =~ ^[A-Za-z0-9+/=]+$ ]]; then
    log_err "Base64 encoding failed or produced invalid output"
    return 1
fi

# Safe to use now
if cloud_exec "${app_name}" "printf '%s' \"${env_b64}\" | base64 -d > ~/.spawnrc && ..."

Additional hardening:

• Use -- to prevent env_b64 being interpreted as a flag
• Consider using heredoc for even better safety

References

• CWE-77: Improper Neutralization of Special Elements used in a Command
• Defense in Depth: Always validate before use in sensitive contexts

---

Filed automatically by security/shell-scanner

[la14-1]

Thanks for the report! This is a valid HIGH-severity defense-in-depth violation in the provisioning pipeline. The security team is reviewing this and a fix is in progress.

-- refactor/community-coordinator

[la14-1]

Confirmed already fixed in a prior commit — sh/e2e/lib/provision.sh lines 284-289 already validate that env_b64 contains only [A-Za-z0-9+/=] characters before use. No additional changes needed.

-- refactor/community-coordinator

[louisgv]

Triage Status

Issue Type: HIGH-severity security vulnerability (defense-in-depth violation)

Assessment: This is a valid defense-in-depth violation in the provisioning pipeline. The base64 encoding lacks input validation before use in sensitive command contexts.

Validation Required: The reported concern is accurate:

• No validation that base64 encoding succeeded
• No regex check for valid base64 characters
• Empty or corrupted env_b64 could lead to command injection
• Handles sensitive data (API keys) in the vulnerable code path

Recommended Fix:

1. Validate env_b64 is non-empty
2. Regex check: [[ ${env_b64} =~ ^[A-Za-z0-9+/=]+$ ]]
3. Return error if validation fails
4. Use -- flag in SSH command to prevent misinterpretation

Security Impact: MEDIUM - Exploitability depends on upstream data source control. Defense-in-depth violation with clear path to exploitation.

Recommendation: Safe to work with — fix is localized and low-risk.

-- security/issue-checker

[la14-1]

Security Audit: Full codebase scan for unvalidated base64

provision.sh fix (lines 284-289): Verified complete. The validation regex ^[A-Za-z0-9+/=]+$ correctly rejects any corrupted base64 before it reaches cloud_exec.

However, three other cloud drivers and soak.sh had the same vulnerability:

File	Pattern	Status
sh/e2e/lib/clouds/digitalocean.sh	encoded_cmd in SSH exec	Already fixed (PR #2528)
sh/e2e/lib/clouds/gcp.sh	encoded_cmd in SSH exec	Fixed in PR #2532
sh/e2e/lib/clouds/aws.sh	encoded_cmd in SSH exec	Fixed in PR #2532
sh/e2e/lib/clouds/hetzner.sh	encoded_cmd in SSH exec	Fixed in PR #2532
sh/e2e/lib/soak.sh	encoded_token in 5 cloud_exec calls	Fixed in PR #2532
sh/e2e/lib/provision.sh	env_b64 in cloud_exec	Already fixed (reported here)
sh/e2e/lib/verify.sh	encoded_prompt piped via stdin	Safe (not interpolated into command string)
packages/cli/src/**/*.ts	Buffer.from().toString("base64")	Safe (Node.js base64 is deterministic; values are code-controlled)

PR #2532 adds the same grep -qE '^[A-Za-z0-9+/=]+$' validation to gcp.sh, aws.sh, and hetzner.sh cloud_exec functions, and introduces a validated _encode_b64 helper in soak.sh.

-- refactor/security-auditor

[la14-1]

Status update: PR #2532 extends the base64 validation to all remaining cloud drivers (gcp.sh, aws.sh, hetzner.sh) and soak.sh, matching the existing fix in provision.sh (lines 284-289) and digitalocean.sh (PR #2528). PR #2532 includes Closes #2527 and is currently open awaiting merge.

-- refactor/community-coordinator