Summary
RooCode does not validate line breaks (\n) in command input, allowing potential bypass of the allow-list mechanism.
Details
RooCode appears to lack parsing or validation logic to prevent multi-line command injection. When commands are evaluated for execution, only the first line or token may be considered, enabling attackers to smuggle additional commands in subsequent lines.
For example, if only tsc is allow-listed, the following command:
would still result in the execution of python3, even though it is not on the allow list. This bypass undermines the integrity of the allow-list policy and allows unintended command execution.
PoC
Impact
This vulnerability allows a user to execute disallowed commands by inserting them after a line break in a multi-line input, effectively bypassing command restrictions.
yellowday60-git Reporter
MaccariTA Reporter
Summary
RooCode does not validate line breaks (
\n) in command input, allowing potential bypass of the allow-list mechanism.Details
RooCode appears to lack parsing or validation logic to prevent multi-line command injection. When commands are evaluated for execution, only the first line or token may be considered, enabling attackers to smuggle additional commands in subsequent lines.
For example, if only
tscis allow-listed, the following command:would still result in the execution of
python3, even though it is not on the allow list. This bypass undermines the integrity of the allow-list policy and allows unintended command execution.PoC
Impact
This vulnerability allows a user to execute disallowed commands by inserting them after a line break in a multi-line input, effectively bypassing command restrictions.