
fix(security): neutralize pipeline commands in execute_safe_outputs Err arm#405

Merged
jamesadevine merged 2 commits into
mainfrom
copilot/test-gap-analysis-execute-rs
May 5, 2026

Conversation

Contributor

Copilot AI commented May 5, 2026

Summary

Post-#396, the Err arm in execute_safe_outputs was printing error messages containing the raw name field to stdout without VSO neutralization. An adversarial NDJSON entry like {"name":"##vso[task.setvariable variable=PAT]stolen"} would cause execute_safe_output to return Err("Unknown tool type: ##vso[...]"), which the Err arm then echoed raw to stdout — where ADO interprets ##vso[ as a live pipeline command.

  • src/execute.rs, execute_safe_outputs Err arm: Apply neutralize_pipeline_commands to the formatted error before constructing ExecutionResult, so ##vso[ is backtick-wrapped before reaching stdout:
    let raw_msg = format!("Failed to execute entry: {}", e);
    let safe_msg = neutralize_pipeline_commands(&raw_msg);
    let result = ExecutionResult::failure(safe_msg);
  • New tests:
    • test_execute_safe_outputs_unknown_tool_with_vso_in_name_does_not_echo_raw_command — verifies ##vso[task... is neutralized to `##vso[`task... in the Err path result message (security-critical)
    • test_extract_entry_context_neutralizes_shorthand_pipeline_command_in_title — verifies ##[error] in a title field is neutralized through extract_entry_context (defense-in-depth)
    • test_extract_entry_context_neutralizes_shorthand_pipeline_command_in_path — same coverage for the path field

Test plan

cargo test execute::tests — all 69 tests pass.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

  • spsprodeus21.vssps.visualstudio.com
    • Triggering command: /home/REDACTED/work/ado-aw/ado-aw/target/debug/deps/ado_aw-f4dc8202a0574181 execute (dns block)
    • Triggering command: /home/REDACTED/work/ado-aw/ado-aw/target/debug/deps/ado_aw-f4dc8202a0574181 execute::tests (dns block)
  • spsprodweu4.vssps.visualstudio.com
    • Triggering command: /home/REDACTED/work/ado-aw/ado-aw/target/debug/deps/ado_aw-f4dc8202a0574181 execute (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

…rr arm and add tests

Agent-Logs-Url: https://github.com/githubnext/ado-aw/sessions/7930418d-f26e-4a79-9b6f-88b2e80c0334

Co-authored-by: jamesadevine <4742697+jamesadevine@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix test gaps in execute_rs after security update" to "fix(security): neutralize pipeline commands in execute_safe_outputs Err arm" May 5, 2026
Copilot AI requested a review from jamesadevine May 5, 2026 12:52
@jamesadevine jamesadevine marked this pull request as ready for review May 5, 2026 12:52
@jamesadevine jamesadevine merged commit da83c03 into main May 5, 2026
12 of 16 checks passed
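The fix above is small, but the failure mode is easy to reintroduce: any code path that formats attacker-controlled input into a message that ends up on stdout of an Azure Pipelines job is a logging-command injection sink. The block below is an added example written for this page, not code from the ado-aw repository; every identifier in it (SafeOutputEntry, ExecutionResult, execute_safe_output, execute_safe_outputs_unsafe, would_be_interpreted_as_command, and the neutralize_pipeline_commands body) is a hypothetical stand-in for the crate's real types. It puts the pre-fix Err arm beside the post-fix one, neutralizes both the long `##vso[` form and the `##[` shorthand the PR's defense-in-depth tests cover, and checks the result against a simplified model of how an agent recognises a command (a line whose first non-blank characters are the prefix). That model is an assumption of the example, not a statement about any particular agent version; the neutralizer wraps every occurrence precisely so that the position of the prefix inside the line does not matter.

```rust
// Added example (not ado-aw's own code): a minimal reconstruction of the
// Err-arm fix described in the PR. All identifiers are hypothetical stand-ins.

#[derive(Debug, Clone)]
pub struct SafeOutputEntry {
    pub name: String,          // comes straight from the NDJSON, attacker-controlled
    pub title: Option<String>, // also attacker-controlled
}

#[derive(Debug, Clone, PartialEq)]
pub struct ExecutionResult {
    pub success: bool,
    pub message: String, // what eventually gets printed to the job's stdout
}

impl ExecutionResult {
    pub fn success(message: String) -> Self { Self { success: true, message } }
    pub fn failure(message: String) -> Self { Self { success: false, message } }
}

/// Breaks every Azure DevOps logging-command prefix by wrapping it in backticks:
/// the long form `##vso[` and the shorthand `##[` (as in `##[error]`, `##[warning]`,
/// `##[section]`). Every occurrence is wrapped, not only line-leading ones, so the
/// output is safe no matter where in a line the agent looks for the prefix.
/// The second pass cannot re-match the first pass's output: "`##vso[`" does not
/// contain "##[".
pub fn neutralize_pipeline_commands(s: &str) -> String {
    s.replace("##vso[", "`##vso[`").replace("##[", "`##[`")
}

/// Stand-in per-entry executor. Only one tool is known here, so any other `name`
/// ends up verbatim inside the error string, exactly the sink the PR describes.
pub fn execute_safe_output(entry: &SafeOutputEntry) -> Result<String, String> {
    match entry.name.as_str() {
        "create_issue" => Ok(format!(
            "created issue: {}",
            entry.title.as_deref().unwrap_or("(untitled)")
        )),
        other => Err(format!("Unknown tool type: {}", other)),
    }
}

/// Pre-fix shape: the Ok arm is neutralized, but the Err arm forwards the raw
/// error text, so an adversarial `name` reaches stdout untouched.
pub fn execute_safe_outputs_unsafe(entries: &[SafeOutputEntry]) -> Vec<ExecutionResult> {
    entries
        .iter()
        .map(|e| match execute_safe_output(e) {
            Ok(msg) => ExecutionResult::success(neutralize_pipeline_commands(&msg)),
            Err(err) => ExecutionResult::failure(format!("Failed to execute entry: {}", err)),
        })
        .collect()
}

/// Post-fix shape: neutralize the formatted error before it becomes a result.
pub fn execute_safe_outputs(entries: &[SafeOutputEntry]) -> Vec<ExecutionResult> {
    entries
        .iter()
        .map(|e| match execute_safe_output(e) {
            Ok(msg) => ExecutionResult::success(neutralize_pipeline_commands(&msg)),
            Err(err) => {
                let raw_msg = format!("Failed to execute entry: {}", err);
                let safe_msg = neutralize_pipeline_commands(&raw_msg);
                ExecutionResult::failure(safe_msg)
            }
        })
        .collect()
}

/// Simplified model (an assumption of this example) of how a pipeline agent
/// recognises a logging command: some stdout line whose first non-blank
/// characters are `##vso[` or `##[`. A multi-line message is checked per line,
/// which is why a `name` carrying an embedded newline matters.
pub fn would_be_interpreted_as_command(stdout: &str) -> bool {
    stdout.lines().any(|line| {
        let t = line.trim_start();
        t.starts_with("##vso[") || t.starts_with("##[")
    })
}

fn main() {
    // Constructed adversarial entries, modelled on the PR's example payload.
    let entries = vec![
        SafeOutputEntry { name: "##vso[task.setvariable variable=PAT]stolen".into(), title: None },
        SafeOutputEntry { name: "x\n##[error]injected".into(), title: None },
    ];
    for r in execute_safe_outputs(&entries) {
        println!("{}", r.message);
    }
}
```

Running it prints the two neutralized failure messages; the interesting comparison is between execute_safe_outputs_unsafe and execute_safe_outputs on a name that contains a newline followed by `##vso[`, where only the fixed version leaves nothing a line-oriented command parser would act on.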
Development

Successfully merging this pull request may close these issues.

🧪 Test gap analysis — 2 gaps found in execute.rs post-#396 security fix