From 1fa06d2045ff76fba93209728b7f2fd6072115db Mon Sep 17 00:00:00 2001
From: orbisai0security
Date: Mon, 30 Mar 2026 04:16:33 +0000
Subject: [PATCH] fix: sanitize subprocess call in ssh-agent.py

The SSH proxy scripts pass command-line arguments directly to subprocess
---
 plugins/shell-proxy/ssh-agent.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/plugins/shell-proxy/ssh-agent.py b/plugins/shell-proxy/ssh-agent.py
index 4ee24b755..06fe887a7 100755
--- a/plugins/shell-proxy/ssh-agent.py
+++ b/plugins/shell-proxy/ssh-agent.py
@@ -13,4 +13,20 @@ argv = [
 "Compression=yes",
 ]
 
-subprocess.call(argv + sys.argv[1:], env=os.environ)
+
+def _validate_args(args):
+ """Validate arguments to prevent command injection attacks.
+
+ Rejects any argument containing shell metacharacters that could be
+ used to inject arbitrary commands, even when shell=False is used,
+ as a defense-in-depth measure.
+ """
+ dangerous_chars = frozenset({';', '&', '|', '`', '\n', '\r', '\0'})
+ for arg in args:
+ if any(c in arg for c in dangerous_chars):
+ print("ssh-agent: invalid argument rejected: {}".format(arg), file=sys.stderr)
+ sys.exit(1)
+ return list(args)
+
+
+subprocess.call(argv + _validate_args(sys.argv[1:]), env=os.environ, shell=False)
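Review bot: The character blacklist in `_validate_args` rejects arguments that are legitimate for an ssh wrapper, for example a quoted remote command such as `ssh host 'ps aux | grep foo'` or `'cd /srv && make'`, so the new final line turns ordinary invocations into `sys.exit(1)`. It buys no protection in return: `subprocess.call` receives a list and `shell=False` is already the default, so no local shell ever parses these characters, and `'\0'` cannot occur in an argv element at all. If the worry is what a caller can make ssh do, that is governed by the ssh options in `sys.argv[1:]`, which this check passes through unchanged; those values presumably come from the invoking user's own command line anyway. I would drop the helper and write the call as `sys.exit(subprocess.call(argv + sys.argv[1:], env=os.environ))`, which also propagates ssh's exit status instead of discarding it. The `argv` list begins above the hunk, so its other entries are not visible here.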