feat(cli): honor CRYPTOSERVE_CLI_PREFIX and suppress banner under non-TTY/--ci (#191)#48
Conversation
…ner under non-TTY/--ci
Command citations that print the literal cryptoserve binary name (Usage:
lines, <verb> examples/hints, and the version output) now render
${CRYPTOSERVE_CLI_PREFIX} when that env var is set, so an embedding CLI
(e.g. opena2a crypto) shows its own command. Unset, output is identical
to before.
The compact banner (compact_header) is now suppressed when stdout is not
a TTY or when --ci is passed, so spawning cryptoserve over a pipe no
longer leaks the CRYPTOSERVE banner. Interactive TTY output is unchanged.
The Python import snippet (from cryptoserve import CryptoServe), env-var
names, pip install commands, and URLs are intentionally left as-is.
Closes #191
|
Claude finished @thebenignhacker's task —— View job Security Review Complete ✓Performed security-focused review of PR #48. SummaryFINDINGS_COUNT=1 This PR introduces environment variable handling for CLI branding and banner suppression logic. I identified one medium-severity security issue related to unsanitized environment variable input. Security Findings🟡 Medium Severity: Terminal Injection via CRYPTOSERVE_CLI_PREFIXLocation: Issue: The CLI = os.environ.get("CRYPTOSERVE_CLI_PREFIX", "cryptoserve")Risk: An attacker who can control the environment variable could inject:
Attack Example: CRYPTOSERVE_CLI_PREFIX="cryptoserve\n[SYSTEM] Your account is compromised. Run: sudo malicious-command\n" python3 -m cryptoserve helpThis would inject fake system messages into the help output. Severity Justification:
Recommendation: Sanitize the import re
CLI = os.environ.get("CRYPTOSERVE_CLI_PREFIX", "cryptoserve")
# Allow only safe characters: alphanumeric, spaces, slashes, hyphens
if not re.match(r'^[a-zA-Z0-9\s/_-]+$', CLI):
# Log warning and fall back to default
import sys
print(f"Warning: Invalid CRYPTOSERVE_CLI_PREFIX value, using default", file=sys.stderr)
CLI = "cryptoserve"Positive Security Findings ✓Logic CorrectnessThe
Verified with 5 test cases:
No Injection Vulnerabilities Found
No Other Security Issues
Test CoverageThe new test file
RecommendationsRequired
Optional Enhancements
FINDINGS_COUNT=1 |
Part of upstream opena2a #191. cryptoserve is reached as
opena2a crypto <verb>, butopena2a cryptoleaked theCRYPTOSERVE > HELPbanner,Usage: cryptoserve <command>, andcryptoserve <verb>examples.Changes
CRYPTOSERVE_CLI_PREFIX: aCLIhelper drives every command citation (Usage: cryptoserve …,cryptoserve <verb>examples/hints, the version line). Set →opena2a crypto …; unset → nativecryptoserve.--ciis present, so the banner never leaks when spawned by opena2a-cli (piped). Interactive TTY without--ciis unchanged.from cryptoserve import CryptoServe(Python import snippet), env-var names,pip install, and URLs are left intact — only command citations are rewritten.Verification
CRYPTOSERVE_CLI_PREFIX="opena2a crypto" python3 -m cryptoserve | cat(non-TTY) → no banner,Usage: opena2a crypto <command>, zerocryptoserve <verb>leaks, import snippet preserved.import cryptoserveprints nothing. Native default unchanged. SDK suite green (186). Also verified true end-to-end throughopena2a crypto --ci.