GHSA-hhjv-jq77-cmvx

Summary

zeptoclaw implements a blocklist to prevent dangerous commands running in android device shell, but this blocklist has several blocked commands with argements in the pattern literal, such as rm -f and rm -rf, this can be simply bypassed by using different orders for these arguments, such as rm -r -f or rm -fr etc.

Details

As in code src/tools/android/actions.rs#L413-L424, we can see the rm -f and rm -rf are hard coded and thus can be simply bypassed via rm -r -f or rm -fr etc.

pub async fn device_shell(adb: &AdbExecutor, cmd: &str) -> Result<String> {
    // Normalize whitespace for blocklist check
    let normalized: String = cmd.split_whitespace().collect::<Vec<_>>().join(" ");
    let lower = normalized.to_lowercase();
    let blocked = [
        "rm -rf",
        "rm -r",
        "reboot",
        "factory_reset",
        "wipe",
        "format",
        "dd if=",
        "mkfs",
        "flash",
        "fastboot",
    ];
    for pattern in &blocked {
        if lower.contains(pattern) {
            return Err(ZeptoError::Tool(format!(
                "Blocked dangerous command containing '{}'",
                pattern
            )));
        }
    }

PoC

Set up zeptoclaw with an Android tool and then run the command rm -f -r etc.

Impact

Unauthorized command executed in Android device.

Credit

@zpbrent