30 lines
1.5 KiB
Markdown
30 lines
1.5 KiB
Markdown
|
|
---
|
||
|
|
name: nexus-ssh-safety
|
||
|
|
description: Use when reviewing or editing Nexus code that executes commands on managed servers over SSH, including file manager, transfer, archive, agent install, and BT panel bootstrap flows.
|
||
|
|
---
|
||
|
|
|
||
|
|
# Nexus SSH Safety
|
||
|
|
|
||
|
|
Use for any Nexus feature that builds shell commands or transfers files over SSH.
|
||
|
|
|
||
|
|
## Command construction rules
|
||
|
|
|
||
|
|
- Prefer argument arrays/local library APIs when available; otherwise quote every dynamic shell token with shlex.quote.
|
||
|
|
- Insert -- before filename/path operands for commands that parse options:
|
||
|
|
m, mv, cp, ar, zip, chmod, chown, etc.
|
||
|
|
- Never concatenate unquoted user input into shell command strings.
|
||
|
|
- Keep timeouts explicit for network/SSH work; avoid unbounded commands.
|
||
|
|
- Truncate or sanitize command output before returning it to API clients.
|
||
|
|
- Do not log secrets or full credential-bearing URLs.
|
||
|
|
|
||
|
|
## Path and archive rules
|
||
|
|
|
||
|
|
- Normalize paths with POSIX semantics for remote Linux paths.
|
||
|
|
- Reject empty paths where dangerous, root/system paths for recursive destructive operations, and traversal where the feature expects a bounded directory.
|
||
|
|
- Archive creation must protect member names beginning with -.
|
||
|
|
- Archive extraction must validate member names and types before extraction.
|
||
|
|
- Temporary files/directories must be unique and cleaned best-effort.
|
||
|
|
|
||
|
|
## script_service exception
|
||
|
|
|