Summary
apply_shell_wrapper() in crates/okena-workspace/src/hooks.rs:950-959 uses raw string replacement to build a shell command from the shell_wrapper setting, enabling arbitrary command execution.
Vulnerable Code
```rust
use std::collections::HashMap;

pub fn apply_shell_wrapper(shell: &ShellType, wrapper: &str, env_vars: &HashMap<String, String>) -> ShellType {
    let shell_cmd = shell.to_command_string();
    // Raw textual substitution: everything in `wrapper` other than the
    // `{shell}` placeholder is passed through unchanged to the shell.
    let wrapped = wrapper.replace("{shell}", &format!("exec {}", shell_cmd));
    let prefix = build_export_prefix(env_vars);
    // The concatenated string is handed to `sh -c`, so any separator in
    // `wrapper` is interpreted as a command boundary.
    ShellType::for_command(format!("{}{}", prefix, wrapped))
}
```
Attack Vector
A malicious project or shared configuration sets:
```json
{
  "hooks": {
    "terminal": {
      "shell_wrapper": "malicious_command; {shell}"
    }
  }
}
```
The resulting command becomes:
```
sh -c 'malicious_command; exec /bin/zsh'
```
This executes in every terminal session opened while this configuration is active.
Severity
Critical — remote code execution via malicious project configuration, affecting every new terminal.
Suggested Fix
- Validate the wrapper template format — reject patterns containing shell metacharacters (`&&`, `||`, `;`, `|`, `$`, backticks) outside the `{shell}` placeholder
- Require explicit user approval for project-level shell wrappers
- Consider using a structured wrapper definition instead of a raw shell template
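The first and third suggestions, worked through as an added example (this is not the project's code; `validate_wrapper`, `WrapperError` and `StructuredWrapper` are names assumed here). The validator accepts only plain word characters around a single `{shell}` placeholder, which is the metacharacter rejection above expressed as an allowlist; the structured form carries the wrapper as a program plus argv entries, so no shell ever parses the template and `{shell}` can only ever be substituted as one whole argument:

```rust
use std::collections::HashMap;
use std::process::Command;

#[derive(Debug, PartialEq)]
pub enum WrapperError {
    MissingPlaceholder,
    DuplicatePlaceholder,
    /// A character outside the allowlist was found outside `{shell}`.
    Disallowed(char),
}

/// Allowlist for text surrounding the placeholder: enough for flags and
/// paths (e.g. `nix-shell --run {shell}`), but none of `; & | $ ` ( ) < > ' "`.
fn allowed(c: char) -> bool {
    c.is_ascii_alphanumeric() || matches!(c, ' ' | '-' | '_' | '.' | '/' | '=' | ':')
}

/// Validate a raw template before it is ever spliced into a shell command.
/// Exactly one `{shell}` is required; everything else must pass `allowed`.
pub fn validate_wrapper(wrapper: &str) -> Result<(), WrapperError> {
    match wrapper.matches("{shell}").count() {
        0 => return Err(WrapperError::MissingPlaceholder),
        1 => {}
        _ => return Err(WrapperError::DuplicatePlaceholder),
    }
    for part in wrapper.split("{shell}") {
        if let Some(c) = part.chars().find(|&c| !allowed(c)) {
            return Err(WrapperError::Disallowed(c));
        }
    }
    Ok(())
}

/// Structured alternative to a raw template: a program and its arguments,
/// with `{shell}` permitted only as a complete argv entry (hypothetical
/// config shape, not the project's).
pub struct StructuredWrapper {
    pub program: String,
    pub args: Vec<String>,
}

impl StructuredWrapper {
    /// Build argv with the shell path substituted as a single argument.
    /// No string concatenation and no `sh -c`, so separators in an
    /// argument stay literal.
    pub fn build_argv(&self, shell_path: &str) -> Result<Vec<String>, WrapperError> {
        let mut argv = vec![self.program.clone()];
        let mut seen = false;
        for arg in &self.args {
            if arg == "{shell}" {
                if seen {
                    return Err(WrapperError::DuplicatePlaceholder);
                }
                seen = true;
                argv.push(shell_path.to_string());
            } else {
                argv.push(arg.clone());
            }
        }
        if !seen {
            return Err(WrapperError::MissingPlaceholder);
        }
        Ok(argv)
    }

    /// Environment goes through `Command::envs` rather than an `export`
    /// prefix string, so values need no shell quoting either.
    pub fn to_command(
        &self,
        shell_path: &str,
        env_vars: &HashMap<String, String>,
    ) -> Result<Command, WrapperError> {
        let argv = self.build_argv(shell_path)?;
        let mut cmd = Command::new(&argv[0]);
        cmd.args(&argv[1..]).envs(env_vars);
        Ok(cmd)
    }
}

fn main() {
    // Constructed inputs: the template from the report and a benign one.
    println!("{:?}", validate_wrapper("malicious_command; {shell}"));
    println!("{:?}", validate_wrapper("nix-shell --run {shell}"));
    let w = StructuredWrapper {
        program: "nix-shell".into(),
        args: vec!["--run".into(), "{shell}".into()],
    };
    println!("{:?}", w.build_argv("/bin/zsh"));
}
```

Note that the structured form substitutes the shell path itself rather than `exec /bin/zsh`: in the raw template that `exec` is shell syntax, whereas here the wrapper program receives the path as one argument and decides what to do with it. A validated raw template still reaches `sh -c`, so the structured form is the stronger of the two fixes; the validator is the smaller change if the template format has to stay.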
Related: the on_create hook has the same class of vulnerability (see separate issue).