foundryside-dev · tachyon-beep · Jun 26, 2026 · Jun 26, 2026
diff --git a/.jules/sentinel.md b/.jules/sentinel.md
@@ -0,0 +1,4 @@
+## 2026-06-26 - Local Code Execution via Untrusted .git/config
+**Vulnerability:** The application executes `git` via `subprocess.run` against potentially untrusted directories without disabling `core.fsmonitor` or other executable git configurations. This allows for local code execution if a user runs Wardline against a directory containing a malicious `.git/config`.
+**Learning:** Even innocent read-only `git` commands (like `git status` or `git rev-parse`) can result in local code execution because git respects the `.git/config` file in the target directory, which may configure executable hooks or commands like `core.fsmonitor`.
+**Prevention:** When invoking `git` via `subprocess` against potentially untrusted directories, always prepend `("-c", "core.fsmonitor=false")` (the application's `_SAFE_GIT_CONFIG` constant) to the `git` command arguments to prevent execution of malicious repository configurations.
diff --git a/src/wardline/core/delta.py b/src/wardline/core/delta.py
@@ -11,6 +11,8 @@
 if TYPE_CHECKING:
     from wardline.scanner.index import Entity
 
+_SAFE_GIT_CONFIG = ("-c", "core.fsmonitor=false")
+
 
 def get_changed_files_since(ref: str, root: Path) -> set[str]:
     """Get the set of file paths (repo-relative, POSIX-style matching Location.path)
@@ -22,7 +24,7 @@ def get_changed_files_since(ref: str, root: Path) -> set[str]:
     # 1. Get the git toplevel directory.
     try:
         res = subprocess.run(
-            ["git", "rev-parse", "--show-toplevel"],
+            ["git", *_SAFE_GIT_CONFIG, "rev-parse", "--show-toplevel"],
             cwd=root,
             capture_output=True,
             text=True,
@@ -38,7 +40,7 @@ def get_changed_files_since(ref: str, root: Path) -> set[str]:
     # 2. Resolve ref to a verified object id before passing it to git diff.
     try:
         res = subprocess.run(
-            ["git", "rev-parse", "--verify", "--end-of-options", ref],
+            ["git", *_SAFE_GIT_CONFIG, "rev-parse", "--verify", "--end-of-options", ref],
             cwd=git_toplevel,
             capture_output=True,
             text=True,
@@ -54,7 +56,7 @@ def get_changed_files_since(ref: str, root: Path) -> set[str]:
     # 3. Get changed files since ref (committed since ref, staged, unstaged).
     try:
         res = subprocess.run(
-            ["git", "diff", "--name-only", verified_ref, "--"],
+            ["git", *_SAFE_GIT_CONFIG, "diff", "--name-only", verified_ref, "--"],
             cwd=git_toplevel,
             capture_output=True,
             text=True,
@@ -68,7 +70,7 @@ def get_changed_files_since(ref: str, root: Path) -> set[str]:
     # 4. Get untracked files.
     try:
         res = subprocess.run(
-            ["git", "ls-files", "--others", "--exclude-standard"],
+            ["git", *_SAFE_GIT_CONFIG, "ls-files", "--others", "--exclude-standard"],
             cwd=git_toplevel,
             capture_output=True,
             text=True,

diff --git a/src/wardline/core/legis.py b/src/wardline/core/legis.py
@@ -42,7 +42,7 @@
 from typing import TYPE_CHECKING, Any
 
 from wardline._version import __version__
-from wardline.core.attest import git_state
+from wardline.core.attest import _SAFE_GIT_CONFIG, git_state
 from wardline.core.errors import LegisArtifactError
 from wardline.core.finding import FINGERPRINT_SCHEME, Finding, SuppressionState
 from wardline.core.ruleset import ruleset_hash
@@ -199,7 +199,7 @@ def _git_tree_sha(root: Path) -> str | None:
     """
     try:
         rev = subprocess.run(
-            ["git", "rev-parse", "HEAD^{tree}"],
+            ["git", *_SAFE_GIT_CONFIG, "rev-parse", "HEAD^{tree}"],
             cwd=root,
             capture_output=True,
             text=True,
@@ -215,7 +215,7 @@ def _git_repo_root(root: Path) -> Path | None:
     """The containing git repository root, or None when unavailable."""
     try:
         rev = subprocess.run(
-            ["git", "rev-parse", "--show-toplevel"],
+            ["git", *_SAFE_GIT_CONFIG, "rev-parse", "--show-toplevel"],
             cwd=root,
             capture_output=True,
             text=True,

diff --git a/tests/unit/core/test_delta.py b/tests/unit/core/test_delta.py
@@ -43,8 +43,24 @@ def run_dispatch(args, **kwargs):
     res = get_changed_files_since("HEAD~1", root)
 
     assert res == {"foo.py", "bar.py", "baz.py"}
-    assert mock_run.call_args_list[1].args[0] == ["git", "rev-parse", "--verify", "--end-of-options", "HEAD~1"]
-    assert mock_run.call_args_list[2].args[0] == ["git", "diff", "--name-only", "abc123", "--"]
+    assert mock_run.call_args_list[1].args[0] == [
+        "git",
+        "-c",
+        "core.fsmonitor=false",
+        "rev-parse",
+        "--verify",
+        "--end-of-options",
+        "HEAD~1",
+    ]
+    assert mock_run.call_args_list[2].args[0] == [
+        "git",
+        "-c",
+        "core.fsmonitor=false",
+        "diff",
+        "--name-only",
+        "abc123",
+        "--",
+    ]
 
 
 @patch("subprocess.run")