OliveTin has Unvalidated `ot_`-prefixed Arguments that Bypass Input Filtering

Description

### Description The `filterToDefinedArgumentsOnly` function in the executor is intended to discard any arguments not explicitly defined in the action's configuration. However, a special case allows any argument whose name starts with `ot_` to bypass this filter. While two system arguments (`ot_executionTrackingId` and `ot_username`) are injected by OliveTin and overridden, all other `ot_`-prefixed arguments supplied by the user pass through unmodified. These bypassed arguments are: 1. **Not type-checked** — the validation loop only iterates over the action's defined arguments, so `ot_`-prefixed arguments skip all type safety checks entirely. 2. **Set as environment variables** — via `buildEnv()`, with completely unvalidated values, and passed to the executed command. 3. **Included in the template context** — available as `.Arguments.ot_*` in template rendering. ### Affected Code **Filter bypass — `service/internal/executor/executor.go` (lines 728–731):** ```go func keepArgument(name string, definedNames map[string]struct{}) bool { _, ok := definedNames[name] return ok || strings.HasPrefix(name, "ot_") } ``` **System args only override two keys — `service/internal/executor/executor.go` (lines 742–745):** ```go func injectSystemArgs(req *ExecutionRequest) { req.Arguments["ot_executionTrackingId"] = req.TrackingID req.Arguments["ot_username"] = req.AuthenticatedUser.Username } ``` Any other `ot_`-prefixed argument (e.g., `ot_malicious`) survives both functions. **Unvalidated values become environment variables — `service/internal/executor/executor.go` (lines 867–882):** ```go func buildEnv(args map[string]string) []string { ret := append(os.Environ(), "OLIVETIN=1") for k, v := range args { varName := fmt.Sprintf("%v", strings.TrimSpace(strings.ToUpper(k))) if varName == "" { continue } ret = append(ret, fmt.Sprintf("%v=%v", varName, v)) } return ret } ``` The value `v` is never validated. It can contain newlines, shell metacharacters, null bytes, or any arbitrary data. ### Proof of Concept An attacker sends a `StartAction` request with extra `ot_`-prefixed arguments: ```json { "bindingId": "<any-action-id>", "arguments": [ { "name": "ot_custom_var", "value": "arbitrary unvalidated content \n with newlines" }, { "name": "ot_another", "value": "$(whoami)" } ] } ``` These arguments: - Pass through `filterToDefinedArgumentsOnly` (the `ot_` prefix exempts them). - Are never type-checked (not in the action's argument definitions). - Become environment variables `OT_CUSTOM_VAR` and `OT_ANOTHER` in the executed command's environment. - Are available in the template rendering context as `.Arguments.ot_custom_var` and `.Arguments.ot_another`. ### Impact - **Environment variable pollution** — attacker can set arbitrary environment variables (with `OT_` uppercased prefix) in the execution environment of any action they can trigger. Scripts or programs that read custom environment variables could be influenced. - **Potential for secondary exploitation** — if any executed script or command reads `OT_`-prefixed environment variables, the unvalidated content could cause unexpected behavior. - **Template context pollution** — although Go's `text/template` does not recursively evaluate data values (mitigating direct template injection), the extra arguments are accessible in the template context and could interact unexpectedly with custom template logic. ### Suggested Fix Remove the `ot_` prefix exception from `keepArgument`, or restrict it to only the two known system arguments: ```go var systemArgs = map[string]struct{}{ "ot_executionTrackingId": {}, "ot_username": {}, } func keepArgument(name string, definedNames map[string]struct{}) bool { _, isDefined := definedNames[name] _, isSystem := systemArgs[name] return isDefined || isSystem } ``` --- ## Discovery Methodology Both vulnerabilities were identified through manual source code review of the OliveTin repository, focusing on: - Input validation boundaries (API request fields flowing into file system operations and execution contexts) - Argument filtering and type-checking logic in the executor - File path construction in the log persistence feature No automated scanners or fuzzing tools were used. The review was conducted against the current `main` branch source code. ---

Affected Packages (1)