Skip to content

Security: Prevent ANSI injection attacks in user-facing output #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tikazyq merged 6 commits into from
Nov 3, 2025
Merged

Security: Prevent ANSI injection attacks in user-facing output #12

tikazyq merged 6 commits into from
Nov 3, 2025

Conversation

Copy link
Contributor

Copilot AI commented Nov 3, 2025
edited
Loading

User-controlled input (spec names, paths, tags, assignees) flows through chalk formatting without sanitization, enabling ANSI injection attacks that can manipulate terminal behavior, hide output, or inject malicious control sequences.

Changes

Security Module

  • src/utils/safe-output.ts: Centralized sanitization using strip-ansi to remove ANSI codes and control characters while preserving unicode/emojis
  • src/safe-output.test.ts: 42 tests covering injection vectors (CSI sequences, OSC commands, cursor control, bell spam, hyperlink injection)

Command Migration

Sanitize user input before display in 8 commands:

  • create.ts, archive.ts, update.ts: spec paths
  • board.ts: spec paths, tags, assignees
  • search.ts: queries, results, metadata
  • files.ts: spec/file names
  • deps.ts: dependency paths
  • check.ts: conflict paths

Example

// Before: vulnerable to injection
console.log(chalk.green(`✓ Created: ${specDir}/`));

// After: sanitized
console.log(chalk.green(`✓ Created: ${sanitizeUserInput(specDir)}/`));

Attack example prevented:

lspec create $'\x1b[31mFAKE ERROR\x1b[0m'
# Before: displays red "FAKE ERROR" 
# After: displays "FAKE ERROR" without color codes

Dependencies

Original prompt

let's implement console-log-chalk-security

Created from VS Code via the GitHub Pull Request extension.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@vercel
Copy link

vercel bot commented Nov 3, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
lean-spec Ready Ready Preview Comment Nov 3, 2025 3:03pm

Copilot AI changed the title [WIP] let's implement cons... Security: Prevent ANSI injection attacks in user-facing output Nov 3, 2025
Copilot AI requested a review from tikazyq November 3, 2025 14:57
@tikazyq tikazyq marked this pull request as ready for review November 3, 2025 15:00
Copilot AI review requested due to automatic review settings November 3, 2025 15:00
Copilot AI reviewed Nov 3, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements security hardening to prevent ANSI injection attacks by sanitizing user-controlled input before displaying it in the terminal. The changes introduce a centralized sanitization utility and apply it consistently across all commands that display user-provided content.

  • Adds sanitizeUserInput() function to strip ANSI escape sequences and control characters from user input
  • Wraps all user-controlled output (spec names, paths, tags, assignees, queries) with sanitization
  • Provides comprehensive test coverage for various injection attack vectors

Reviewed Changes

Copilot reviewed 13 out of 14 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
src/utils/safe-output.ts New security module with sanitization utilities and safe output functions
src/safe-output.test.ts Comprehensive tests for sanitization and safe output functions (327 lines, 42 test cases)
src/utils/ui.ts Re-exports sanitizeUserInput and adds documentation notes about pre-sanitization
src/commands/update.ts Sanitizes spec paths in error and success messages
src/commands/search.ts Sanitizes query strings, filter options, and search result metadata
src/commands/files.ts Sanitizes spec names and file names in directory listings
src/commands/deps.ts Sanitizes dependency paths in dependency tree output
src/commands/create.ts Sanitizes spec directory and file paths in creation messages
src/commands/check.ts Sanitizes conflicting spec paths in validation output
src/commands/board.ts Sanitizes spec paths, assignees, and tags in board view
src/commands/archive.ts Sanitizes spec paths in archive operations
package.json Adds strip-ansi@^7.1.2 dependency
pnpm-lock.yaml Lock file update for new dependency
specs/.../README.md Updates spec status to complete
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

src/commands/files.ts
for (const file of documents) {
const size = formatSize(file.size);
console.log(chalk.cyan(` ✓ ${file.name.padEnd(20)} (${size})`));
console.log(chalk.cyan(` ✓ ${sanitizeUserInput(file.name).padEnd(20)} (${size})`));
Copy link

Copilot AI Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Calling .padEnd(20) on the sanitized filename can cause misalignment when the filename contains multi-byte unicode characters or emojis. The sanitization preserves unicode/emojis but .padEnd() counts by string length, not visual width. Consider sanitizing after padding or using a display-width-aware padding function.

Copilot uses AI. Check for mistakes.
src/commands/files.ts
for (const file of assets) {
const size = formatSize(file.size);
console.log(chalk.yellow(` ✓ ${file.name.padEnd(20)} (${size})`));
console.log(chalk.yellow(` ✓ ${sanitizeUserInput(file.name).padEnd(20)} (${size})`));
Copy link

Copilot AI Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Calling .padEnd(20) on the sanitized filename can cause misalignment when the filename contains multi-byte unicode characters or emojis. The sanitization preserves unicode/emojis but .padEnd() counts by string length, not visual width. Consider sanitizing after padding or using a display-width-aware padding function.

Copilot uses AI. Check for mistakes.
@tikazyq tikazyq merged commit df17bb7 into main Nov 3, 2025
3 checks passed
@tikazyq tikazyq deleted the copilot/fix-217570708-1087021690-efb63b60-92dd-4cfb-921f-3403c4059d59 branch November 3, 2025 15:05
tikazyq added a commit that referenced this pull request Dec 17, 2025
@tikazyq
Merge pull request #12 from codervisor:copilot/fix-217570708-10870216…
97dd335 
…90-efb63b60-92dd-4cfb-921f-3403c4059d59

Security: Prevent ANSI injection attacks in user-facing output
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@tikazyq tikazyq Awaiting requested review from tikazyq

Assignees

@tikazyq tikazyq

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tikazyq