From f5dd905fb496eabe0cf3b07f8f2bb3324690cdcb Mon Sep 17 00:00:00 2001
From: bitterpanda
Date: Fri, 6 Feb 2026 13:32:59 +0100
Subject: [PATCH 1/2] Add \r and \f as separators for shell commands

---
 .../shell_injection/contains_shell_syntax.py | 2 +-
 .../contains_shell_syntax_test.py | 24 +++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/aikido_zen/vulnerabilities/shell_injection/contains_shell_syntax.py b/aikido_zen/vulnerabilities/shell_injection/contains_shell_syntax.py
index a1d116c1e..b568923d3 100644
--- a/aikido_zen/vulnerabilities/shell_injection/contains_shell_syntax.py
+++ b/aikido_zen/vulnerabilities/shell_injection/contains_shell_syntax.py
@@ -105,7 +105,7 @@
     "/usr/local/sbin/",
 ]
 
-separators = [" ", "\t", "\n", ";", "&", "|", "(", ")", "<", ">"]
+separators = [" ", "\t", "\n", ";", "&", "|", "(", ")", "<", ">", "\r", "\f"]
 
 
 # Function to sort commands by length (longer commands first)
diff --git a/aikido_zen/vulnerabilities/shell_injection/contains_shell_syntax_test.py b/aikido_zen/vulnerabilities/shell_injection/contains_shell_syntax_test.py
index c3535f268..785d470c8 100644
--- a/aikido_zen/vulnerabilities/shell_injection/contains_shell_syntax_test.py
+++ b/aikido_zen/vulnerabilities/shell_injection/contains_shell_syntax_test.py
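Review bot: `separators` now lists `\r` and `\f` but still omits `\v` (vertical tab, U+000B), the one remaining ASCII whitespace character, so if the intent is to treat every ASCII whitespace character as a token boundary, `"\v"` belongs in the same literal; the same gap exists in the `dangerous_chars` hunk of the second patch. Neither `\r` nor `\f` is a bash metacharacter (those are `| & ; ( ) < >` plus space, tab and newline, and the default IFS is space/tab/newline), so a reader of this list has no way to tell why they were added; the commit message does not say either. A one-line comment above the list should record the rationale, e.g. `# \r and \f are not shell metacharacters; listed so a command split by them is still detected` — adjust to the actual reason, which may be parity with another Zen implementation.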
@@ -137,3 +137,27 @@ def test_command_with_dangerous_chars():
 def test_command_with_path_and_arguments():
     assert contains_shell_syntax("/usr/bin/ls -l", "/usr/bin/ls") is True
     assert contains_shell_syntax("/bin/cp file1 file2", "/bin/cp") is True
+
+
+def test_newline_as_separator():
+    assert contains_shell_syntax("ls\nrm", "rm") is True
+    assert contains_shell_syntax("echo test\nrm -rf /", "rm") is True
+    assert contains_shell_syntax("rm\nls", "rm") is True
+
+
+def test_tab_as_separator():
+    assert contains_shell_syntax("ls\trm", "rm") is True
+    assert contains_shell_syntax("echo test\trm -rf /", "rm") is True
+    assert contains_shell_syntax("rm\tls", "rm") is True
+
+
+def test_carriage_return_as_separator():
+    assert contains_shell_syntax("ls\rrm", "rm") is True
+    assert contains_shell_syntax("echo test\rrm -rf /", "rm") is True
+    assert contains_shell_syntax("rm\rls", "rm") is True
+
+
+def test_form_feed_as_separator():
+    assert contains_shell_syntax("ls\frm", "rm") is True
+    assert contains_shell_syntax("echo test\frm -rf /", "rm") is True
+    assert contains_shell_syntax("rm\fls", "rm") is True

From 5106015455f4571fcbb15b479957797be2e11c37 Mon Sep 17 00:00:00 2001
From: BitterPanda
Date: Wed, 11 Feb 2026 11:28:21 +0100
Subject: [PATCH 2/2] add \r and \f as dangerous shell characters

this is in case the command == the user input
---
 .../shell_injection/contains_shell_syntax.py | 2 ++
 .../detect_shell_injection_test.py | 32 +++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/aikido_zen/vulnerabilities/shell_injection/contains_shell_syntax.py b/aikido_zen/vulnerabilities/shell_injection/contains_shell_syntax.py
index b568923d3..3d590659d 100644
--- a/aikido_zen/vulnerabilities/shell_injection/contains_shell_syntax.py
+++ b/aikido_zen/vulnerabilities/shell_injection/contains_shell_syntax.py
@@ -30,6 +30,8 @@
     "\n",
     "\t",
     "~",
+    "\r",
+    "\f",
 ]
 
 commands = [
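Review bot: The four new tests differ only in the separator character, so they read better as one parametrized test; the file looks pytest-style (`def test_*` with bare asserts), and a `@pytest.mark.parametrize` over the four separators covers the same cases and makes adding `\v` or any further separator a one-token change (this needs `import pytest` at the top of the file if it is not already there, which is outside the hunk). None of the separator tests, old or new, check the non-matching side; a negative case such as `assert contains_shell_syntax("ls\rrmdir", "rm") is False` would pin that the new separators only delimit whole tokens, if that is the intended contract of the function.
```python
@pytest.mark.parametrize("sep", ["\n", "\t", "\r", "\f"])
def test_whitespace_as_separator(sep):
    assert contains_shell_syntax(f"ls{sep}rm", "rm") is True
    assert contains_shell_syntax(f"echo test{sep}rm -rf /", "rm") is True
    assert contains_shell_syntax(f"rm{sep}ls", "rm") is True
```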
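Review bot: `dangerous_chars` and `separators` (the `@@ -105` hunk of the first patch) now each enumerate the whitespace separators independently, and this two-patch sequence is itself evidence that they drift: the first patch widened `separators`, and the second had to follow up here, with the intervening state leaving the command-equals-input path blind to `\r` and `\f`. A cross-reference comment on the new lines, `# keep in sync with the whitespace entries of 'separators' below`, is the minimum; a better shape is one module-level tuple such as `WHITESPACE_SEPARATORS = (" ", "\t", "\n", "\r", "\f")` that both lists unpack (`separators = [*WHITESPACE_SEPARATORS, ";", "&", ...]`), so a missed update cannot silently disable one detection path. The `dangerous_chars` list begins outside the hunk, so its full contents are not visible here.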
diff --git a/aikido_zen/vulnerabilities/shell_injection/detect_shell_injection_test.py b/aikido_zen/vulnerabilities/shell_injection/detect_shell_injection_test.py
index 7a0e9a2d2..cb264f2f0 100644
--- a/aikido_zen/vulnerabilities/shell_injection/detect_shell_injection_test.py
+++ b/aikido_zen/vulnerabilities/shell_injection/detect_shell_injection_test.py
@@ -394,3 +394,35 @@ def test_it_flags_comma_in_loop(): done""", "for (( i=0, j=10; i