Security hardening: input validation, HTTPS, and safer string handling#1
Merged
Conversation
- brif: sanitize --resume arg before building SESSION_ID to prevent shell metacharacters from breaking tmux command strings; also pass BRIF_SESSION_ID via `tmux set-environment` instead of inline interpolation, eliminating the quoting injection surface entirely - brif-pane.sh: add SESSION_ID regex validation (^[a-zA-Z0-9._-]+$) before using it to construct ~/.claude/brif/ file paths, matching the guard already present in statusline.sh and the hook scripts - statusline.sh: upgrade ip-api.com geolocation fetch from HTTP to HTTPS to prevent plaintext network exposure of the request - brif: write initial mission.json atomically via .tmp + mv, matching the pattern used in the hook scripts https://claude.ai/code/session_01EpP9ZyDFTvZj8ZBeWJfVks
…sions statusline.sh: - Replace backslash-escape ANSI constants with $'\033' (actual ESC bytes) so printf '%b' is no longer needed; all output lines now use printf '%s', eliminating the risk of terminal-escape injection from user-controlled strings (directory names, git data, model names from JSON) statusline.ps1: - Upgrade ip-api.com geolocation fetch from HTTP to HTTPS (mirrors the Bash fix from the previous commit) brif-pane.ps1: - Add SessionId regex validation (^[a-zA-Z0-9._-]+$) before constructing ~/.claude/brif/<id>/... file paths, matching the guard in brif-pane.sh and the rest of the Bash toolchain install.sh / brif / hooks/post-tool-use.sh / hooks/user-prompt.sh: - Set chmod 700 on all brif session directories at creation time so events.jsonl (which logs full user prompt text) is not world-readable on multi-user systems https://claude.ai/code/session_01EpP9ZyDFTvZj8ZBeWJfVks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR improves security and robustness across the brif and statusline scripts through input validation, protocol upgrades, safer string handling, and proper file permissions.
Key Changes
Input Validation & Sanitization
brif,brif-pane.sh, andbrif-pane.ps1to reject IDs containing characters outside[a-zA-Z0-9._-]brifbefore truncation to prevent injection attacks^[a-zA-Z0-9._-]+$before using in file pathsHTTPS Protocol Upgrade
http://ip-api.comtohttps://ip-api.cominstatusline.shandstatusline.ps1for secure geolocation lookupsSafer String Handling
$'...'syntax instatusline.shfor proper escape sequence interpretationprintf '%b'(interpret backslashes) withprintf '%s'(literal strings) throughoutstatusline.shto prevent unintended escape sequence processing$'...'syntax and concatenate with${C_RESET}variable instead of raw escape codesFile Permissions & Atomic Writes
chmod 700to session directories inbrif,hooks/post-tool-use.sh,hooks/user-prompt.sh, andinstall.shto restrict access to owner onlybrifusing temporary file +mvpattern formission.jsonto prevent partial writesEnvironment Variable Handling
brifto passSESSION_IDviatmux set-environmentinstead of inline shell variable to avoid quoting injection vulnerabilitiestmux send-keyscommand to rely on environment variable instead of inline substitutionImplementation Details
.tmpsuffix pattern to ensure data integrityhttps://claude.ai/code/session_01EpP9ZyDFTvZj8ZBeWJfVks