← Back to PRs

#15615: fix(security): restrict PATH override to exact match in node-host sanitizeEnv

by AI-Reviewer-QS open 2026-02-13 17:26 View on GitHub →
stale size: XL
## Summary - `sanitizeEnv()` in node-host accepted any PATH value ending with the current base PATH - This allowed prepending arbitrary directories (e.g., `/tmp/evil:/usr/local/bin:/usr/bin`) - An authenticated caller could shadow allowlisted binaries with attacker-controlled executables ## Fix - Only accept PATH overrides that exactly match the current base PATH - Reject any attempt to prepend or modify PATH directories ## Test plan - [x] Existing node-host tests pass <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR updates environment sanitization in the node-host runner to prevent PATH shadowing: instead of allowing any PATH value that ends with the base PATH, it now only accepts PATH overrides that exactly match the base PATH and rejects any prepending/modification attempts. It also adjusts process command-queue logic/tests to ensure pending promises are rejected when clearing the command lane, avoiding hangs/leaked awaits when the queue is reset. <h3>Confidence Score: 4/5</h3> - This PR is largely safe to merge, with one behavioral edge case around PATH handling to confirm/fix. - The security change correctly blocks PATH prepending, and the command-queue change cleanly rejects cleared queued entries with a test. The remaining concern is that PATH overrides are now silently ignored when empty or when basePath is empty, which can leave an unintended inherited PATH in effect and may not match the intended security posture. - src/node-host/runner.ts <sub>Last reviewed commit: 1c6a7fb</sub> <!-- greptile_other_comments_section --> **Context used:** - Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=fd949e91-5c3a-4ab5-90a1-cbe184fd6ce8)) - Context from `dashboard` - AGENTS.md ([source](https://app.greptile.com/review/custom-context?memory=0d0c8278-ef8e-4d6c-ab21-f5527e322f13)) <!-- /greptile_comment -->

Most Similar PRs