Closed
Labels: bug (Something isn't working), security (Security vulnerability or hardening)
Description
Summary
declare, readonly, local, and export builtins insert directly into the variables HashMap via ctx.variables.insert() or self.variables.insert(), bypassing the is_internal_variable() guard in set_variable().
Impact — HIGH
Attacker-controlled scripts can:
- Create unauthorized namerefs: declare _NAMEREF_alias=secret → $alias resolves to $secret
- Inject case conversion attributes: declare _UPPER_x=1 → all assignments to x are uppercased
- Pollute internal state with fake readonly/nameref/case markers
Reproduction
# Unauthorized nameref creation
secret="sensitive_data"
declare _NAMEREF_alias=secret
echo "$alias" # prints "sensitive_data"

# Case conversion injection
declare _UPPER_myvar=1
myvar="should be lowercase"
echo "$myvar" # prints "SHOULD BE LOWERCASE"
Affected code
| Builtin | File | Line | Insert path |
|---|---|---|---|
| declare | interpreter/mod.rs | 5574 | self.variables.insert(var_name, final_value) |
| readonly | builtins/vars.rs | 265 | ctx.variables.insert(name, value) |
| local (outside fn) | interpreter/mod.rs | 4599 | self.variables.insert(var_name, value) |
| local (inside fn) | interpreter/mod.rs | 4572 | frame.locals.insert(var_name, value) |
| export | builtins/export.rs | 41 | ctx.variables.insert(name, value) |
Recommended fix
Add is_internal_variable() check before each insert. Best long-term fix: route all variable mutations through set_variable() or use a separate HashMap for internal markers (per TM-INJ-009 recommendation).
Tests
Regression tests in tests/security_audit_pocs.rs (currently #[ignore]):
- security_audit_declare_blocks_nameref_prefix
- security_audit_declare_blocks_upper_prefix
- security_audit_declare_blocks_lower_prefix
- security_audit_readonly_blocks_nameref_prefix
- security_audit_export_blocks_readonly_prefix
- security_audit_local_blocks_internal_prefixes
Remove #[ignore] when fix lands.
Cross-references
- Threat model: TM-INJ-012, TM-INJ-013, TM-INJ-014, TM-INJ-015
- Related: TM-INJ-009 (original internal variable namespace injection)
- PR: test(security): deep security audit with regression tests #487