fix(security): prevent command injection in GenericWindowHandler.launch()

[rookweb1]

Summary

Fixes command injection vulnerability reported in issue #1097.

Problem

The GenericWindowHandler.launch() method was passing the app parameter directly to subprocess.Popen() with shell=True, allowing arbitrary shell command execution.

Solution

Use shlex.split() to safely parse the command string:

cmd_parts = shlex.split(app)
proc = subprocess.Popen(cmd_parts)

Impact

• Prevents RCE on sandbox host
• Mitigates CWE-78 (OS Command Injection)
• Severity: High (CVSS 7.8)

---

AI-assisted contribution

Summary by CodeRabbit

• Bug Fixes
  • Improved command execution handling to ensure secure and reliable processing of commands without explicit arguments.

[vercel]

@rookweb1 is attempting to deploy a commit to the Cua Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

📝 Walkthrough

Walkthrough

This change modifies the command execution logic in the generic window handler to improve security. When no explicit arguments are provided, the command is now tokenized using shlex.split and executed via Popen without shell context, replacing the previous shell=True approach. The shlex module is imported to support this. When arguments are explicitly provided, the existing behavior of executing [app, *args] is preserved.

Changes

Cohort / File(s)	Summary
Command Execution Security Fix libs/python/computer-server/computer_server/handlers/generic.py	Added shlex import and modified launch behavior to tokenize commands with shlex.split and execute via Popen without shell context when no explicit args provided, improving command injection safety.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related issues

• [Security] Command Injection in GenericWindowHandler.launch() via shell=True #1097: This PR directly addresses the command-injection vulnerability in GenericWindowHandler.launch by replacing subprocess.Popen(app, shell=True) with shlex.split tokenization executed without shell context.

Poem

🐰 A shell no more, secure and clean,
With shlex we tokenize the unseen,
No injection lurks in args so bright,
The Warren's handlers now stand right! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main security fix: preventing command injection in GenericWindowHandler.launch() by using shlex.split() instead of shell=True.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs).
Share your feedback on Discord.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

libs/python/computer-server/computer_server/handlers/generic.py (1)

116-117: Use platform-specific shlex parsing to handle Windows and POSIX command strings correctly.

The default posix=True mode treats backslashes as escape characters, which corrupts Windows paths (e.g., C:\Program Files). On Windows, switch to posix=False; on POSIX systems, keep the default. Also guard against empty command splits.

Suggested adjustment

-                cmd_parts = shlex.split(app)
-                proc = subprocess.Popen(cmd_parts)
+                cmd_parts = shlex.split(app, posix=(platform.system().lower() != "windows"))
+                if not cmd_parts:
+                    return {"success": False, "error": "Empty command"}
+                proc = subprocess.Popen(cmd_parts)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@libs/python/computer-server/computer_server/handlers/generic.py` around lines
116 - 117, The current parsing uses shlex.split(app) which uses posix=True by
default and breaks Windows paths; update the parsing in the block around
cmd_parts and subprocess.Popen to choose shlex.split(app, posix=False) when
running on Windows (e.g., sys.platform.startswith("win") or os.name == "nt") and
posix=True otherwise, then guard the result so if cmd_parts is empty raise/log a
clear error instead of calling subprocess.Popen([]); use the existing variables
cmd_parts, app and the subprocess.Popen call to locate and change the code.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@libs/python/computer-server/computer_server/handlers/generic.py`:
- Around line 116-117: The current parsing uses shlex.split(app) which uses
posix=True by default and breaks Windows paths; update the parsing in the block
around cmd_parts and subprocess.Popen to choose shlex.split(app, posix=False)
when running on Windows (e.g., sys.platform.startswith("win") or os.name ==
"nt") and posix=True otherwise, then guard the result so if cmd_parts is empty
raise/log a clear error instead of calling subprocess.Popen([]); use the
existing variables cmd_parts, app and the subprocess.Popen call to locate and
change the code.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 489302a and ff6903c.

📒 Files selected for processing (1)

• libs/python/computer-server/computer_server/handlers/generic.py

[rookweb1]

Hi! This PR fixes a security vulnerability (command injection) reported in issue #1097. The fix uses shlex.split() instead of shell=True to prevent RCE. Let me know if you need any adjustments!