fix(security): keep Lakebase PAT off the command line + unify shell escaping#167
Open
antonyprasad-db wants to merge 1 commit into
Open
Conversation
…scaping Two hardening fixes to the deploy/UC/secret shell-out seams. 1. secret-auth.ts stored the minted PAT with `databricks secrets put-secret … --string-value "<pat>"`, putting the secret in the process table (ps) and any shell trace for the call's lifetime. Feed the PAT on stdin instead (the CLI's documented alternative to --string-value); it no longer appears as a process arg. exec() gains an `input` option that writes to the child's stdin and closes it. 2. Six modules (secret-auth, deploy-credentials, deploy-rollback, uc-resources, databricks-host, deploy-app-endpoint) each defined a local escapeShellArg that only escaped double quotes, leaving $, backticks, and other metacharacters shell-active inside the double-quoted interpolations - a correctness bug and injection surface for any scope/key/catalog/comment value containing them. Replace every call site with the canonical POSIX single-quote escaper shq() from util/exec.ts and delete the duplicated local escapers. Behavior is unchanged for well-formed inputs; the fixes close the ps exposure and the metacharacter gap. Full hermetic suite green; added exec() stdin coverage. Co-authored-by: Isaac
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Two hardening fixes to the deploy / UC / secret shell-out seams.
1. 🔴 Lakebase PAT no longer passed on the command line
ensureLakebaseSecretAuthstored the minted PAT with:--string-valueputs the secret in the process table (ps auxww) and any shell trace for the call's lifetime — visible to any other process/user on the host. This is the one file that mints and stores a long-lived token, so it's the highest-value seam to fix.The Databricks CLI documents stdin as the alternative to
--string-value("Pass the secret via standard input"). The PAT is now fed on stdin, so it never appears as a process argument.exec()gains aninputoption that writes to the child's stdin and closes it.2. 🟠 Unified shell escaping on the canonical
shq()Six modules —
secret-auth,deploy-credentials,deploy-rollback,uc-resources,databricks-host,deploy-app-endpoint— each defined a localescapeShellArgthat only escaped". Inside the double-quoted interpolations they were used in, that left$, backticks, and other metacharacters shell-active — a correctness bug (and injection surface) for any scope / key / catalog / comment value containing them.All call sites now use the canonical POSIX single-quote escaper
shq()fromutil/exec.ts(already used throughoutscripts/git/*and covered bygit-utils.test.ts). The six duplicated local escapers are deleted.Why
Both are latent security/correctness gaps on the credential + deploy paths — exactly the surfaces that run against customer/partner workspaces. Behavior is unchanged for well-formed inputs; the fixes close the
psexposure and the metacharacter gap.Testing
npm test): ✅ 2410 passed, 0 failed. Addedexec()stdin coverage (tests/bdd/exec.test.ts);shqcorrectness is already covered ingit-utils.test.ts.npm run typecheck: ✅ clean.put-secretstdin path is the CLI's documented equivalent of--string-value. Flagging per CONTRIBUTING so a reviewer with workspace access can green Tier 3.Notes
dist/(shipped separately inbuild:/release:commits).main, no overlapping files.