rtk-ai/rtk

rtk proxy should reject or safely handle compound shell snippets

Open

Opened on 30 May 2026

View on GitHub
 (1 comment) (0 reactions) (0 assignees) Rust (48,085 stars) (2,914 forks) batch import
area:cli bug help wanted priority:high

Description

Summary

rtk proxy appears unsafe for compound shell snippets. When I wrapped a multi-command shell loop in rtk proxy '...', shell syntax was not preserved as expected and parts of the snippet were interpreted as command/path arguments. This led to incorrect execution side effects, including bogus directories being created from shell tokens.

Version

rtk 0.36.0

Reproduction shape

A command shaped like this is enough to demonstrate the risk pattern:

rtk proxy 'mkdir -p /tmp/rtk-repro && for n in 1 2; do log=/tmp/rtk-repro/$n.log; (echo "$n" > "$log"; echo $? > /tmp/rtk-repro/$n.exit) & echo "pid=$!"; sleep 1; while [ "$(jobs -pr | wc -l | tr -d " ")" -ge 2 ]; do sleep 1; done; done; wait'

The important part is not this exact command, but that it contains normal shell syntax:

  • &&
  • for ... do ... done
  • command substitution: $(...)
  • pipes: |
  • redirects: > / 2>&1
  • background jobs: &
  • grouped commands: ( ... )
  • nested quotes

Expected behavior

Either:

  1. rtk proxy should pass the full snippet to the shell exactly as a raw command, preserving shell semantics; or
  2. rtk proxy should reject compound shell snippets with a clear error message, e.g. "rtk proxy only supports one simple command; do not pass shell snippets".

Actual behavior

The compound snippet was not treated as a single shell program. Parts of the shell syntax were effectively interpreted as command/path tokens, producing incorrect behavior. In my case, token-like fragments such as option names, numeric loop values, and shell keywords became filesystem entries.

Why this matters

The name and help text for proxy can make users think it is safe to wrap arbitrary raw shell code. If it is intended only for simple commands, the CLI should make that explicit and ideally fail closed for detected shell metacharacters.

Suggested fix

  • Document that rtk proxy is only for a single simple command, not shell snippets.
  • Add validation/rejection for common shell metacharacters or compound syntax (|, >, &&, ;, $(), for, while, if, &, parentheses) unless an explicit shell mode is supported.
  • Alternatively, provide a separate explicit mode such as rtk shell -- '<snippet>' that intentionally invokes the user's shell and preserves compound shell semantics.
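The second bullet above (fail closed on shell metacharacters and compound syntax) is easy to get wrong if it is done as a naive substring scan, because `&` inside single quotes is harmless while an unquoted `&` is a background operator. The following Rust function is an added example written for this issue, not rtk's own code: it splits a snippet the way a POSIX shell splits one simple command (honouring single quotes, double quotes and backslash escapes) and rejects anything whose meaning depends on a shell being present. The enum name `Proxied`, the function name `inspect`, and the exact error wording are assumptions for the sake of the example; the set of rejected characters mirrors the list in this report.

```rust
/// Result of inspecting a snippet handed to the (hypothetical) `proxy` subcommand.
#[derive(Debug, PartialEq)]
pub enum Proxied {
    /// One simple command, split into argv with quoting resolved.
    Simple(Vec<String>),
    /// Compound or shell-dependent syntax was found; carries the reason.
    Rejected(String),
}

/// Words that only mean something to a shell; a bare exec cannot honour them.
const KEYWORDS: &[&str] = &[
    "for", "while", "until", "if", "then", "else", "elif", "fi", "do", "done",
    "case", "esac", "in", "select", "function", "time", "{", "}", "!",
];

/// Split `snippet` the way a POSIX shell splits one *simple* command and fail
/// closed on anything whose meaning would change without a shell in the loop.
pub fn inspect(snippet: &str) -> Proxied {
    let mut argv: Vec<String> = Vec::new();
    let mut cur = String::new();
    let mut have_word = false; // distinguishes `""` (an empty argument) from no argument
    let mut chars = snippet.chars();

    while let Some(c) = chars.next() {
        match c {
            '\'' => {
                have_word = true;
                loop {
                    match chars.next() {
                        Some('\'') => break,
                        Some(ch) => cur.push(ch),
                        None => return Proxied::Rejected("unterminated single quote".into()),
                    }
                }
            }
            '"' => {
                have_word = true;
                loop {
                    match chars.next() {
                        Some('"') => break,
                        Some('\\') => match chars.next() {
                            Some(ch) => cur.push(ch),
                            None => return Proxied::Rejected("unterminated double quote".into()),
                        },
                        // "$var", "$(...)" and "`...`" still expand inside double quotes.
                        Some('$') | Some('`') => {
                            return Proxied::Rejected("expansion inside double quotes".into())
                        }
                        Some(ch) => cur.push(ch),
                        None => return Proxied::Rejected("unterminated double quote".into()),
                    }
                }
            }
            '\\' => {
                have_word = true;
                match chars.next() {
                    Some(ch) => cur.push(ch),
                    None => return Proxied::Rejected("trailing backslash".into()),
                }
            }
            // Operators, redirections, expansions, grouping and line breaks are
            // exactly the tokens that turned into bogus paths in the report.
            '|' | '&' | ';' | '(' | ')' | '<' | '>' | '$' | '`' | '\n' => {
                return Proxied::Rejected(format!("unquoted shell metacharacter {:?}", c))
            }
            c if c.is_whitespace() => {
                if have_word {
                    argv.push(std::mem::take(&mut cur));
                    have_word = false;
                }
            }
            other => {
                have_word = true;
                cur.push(other);
            }
        }
    }
    if have_word {
        argv.push(cur);
    }
    match argv.first() {
        None => Proxied::Rejected("empty command".into()),
        Some(w) if KEYWORDS.contains(&w.as_str()) => {
            Proxied::Rejected(format!("shell keyword {:?} is not a command", w))
        }
        Some(_) => Proxied::Simple(argv),
    }
}

fn main() {
    // Constructed inputs: a plain command, and a cut-down version of the loop from the report.
    let samples = ["ls -la /tmp", "mkdir -p /tmp/rtk-repro && for n in 1 2; do echo $n; done"];
    for s in samples.iter() {
        println!("{:?} -> {:?}", s, inspect(s));
    }
}
```

A `Simple(argv)` result can be handed to a process spawner directly, with no `sh -c` in between, so the argv the user sees is the argv that runs; a `Rejected(reason)` result gives the CLI the clear error message the report asks for. Note that this deliberately refuses `$` even in double quotes: without a shell there is nothing to expand it, so silently passing a literal `$HOME` through would be its own surprise.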
