Skip to content

🛡️ Sentinel: [Security Improvement] Add dangerous URL schemes to blocklist #61

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
NSEvent merged 1 commit into from
Jun 21, 2026
Merged

🛡️ Sentinel: [Security Improvement] Add dangerous URL schemes to blocklist #61

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .Jules/sentinel.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,7 @@
**Vulnerability:** Execution frameworks allowed untrusted automation configurations to open URLs with schemes like `file` and `x-apple.systempreferences`, effectively allowing arbitrary local execution or sandbox escapes via `NSWorkspace.shared.open`.
**Learning:** `NSWorkspace.shared.open` delegates URL handling directly to the OS, executing system preferences panes or opening arbitrary files. Bounding allowed schemes is critical, and a strict blocklist is required when an allowlist is too restrictive for general automation.
**Prevention:** Apply a strict blocklist for URL handlers (e.g. `file`, `x-apple.systempreferences`) at the core execution and validation levels when evaluating untrusted URL strings.
## 2026-06-25 - [Sandbox Escape via URL Handler Scheme expanded]

@coderabbitai coderabbitai Bot Jun 21, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Use a non-future changelog date for this entry.

Line 13 is dated 2026-06-25, which is in the future relative to June 21, 2026; please align it to the actual merge/log date to avoid audit confusion.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.Jules/sentinel.md at line 13, The changelog entry header on line 13
contains a future date of 2026-06-25 which is after the current date of June 21,
2026. Update the date in the entry "## 2026-06-25 - [Sandbox Escape via URL
Handler Scheme expanded]" to use the actual merge or log date that is on or
before June 21, 2026, ensuring the changelog entry reflects the correct timeline
for audit purposes.

**Vulnerability:** Execution frameworks allowed untrusted automation configurations to open URLs with schemes like `shortcuts`, `terminal`, `ssh`, `telnet`, `vnc`, `ftp`, `smb`, `afp`, effectively allowing arbitrary local execution or sandbox escapes via `NSWorkspace.shared.open`.
**Learning:** Adding `file` and `x-apple.systempreferences` is not enough. Other local OS handlers (like `shortcuts://` or `terminal://`) can still perform actions directly from untrusted inputs without validation, acting as potential attack vectors.
**Prevention:** Apply a comprehensive blocklist for URL handlers containing all potentially dangerous schemes (e.g. `shortcuts`, `terminal`, `ssh`, `telnet`, `vnc`, `ftp`, `smb`, `afp`) at the core execution and validation levels when evaluating untrusted URL strings.
13 changes: 12 additions & 1 deletion TriggerKit/Sources/TriggerKitCore/AutomationProgram+Validation.swift
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,18 @@ import Foundation


public enum AutomationSecurityPolicy {
public static let blockedURLSchemes: Set<String> = ["file", "x-apple.systempreferences"]
public static let blockedURLSchemes: Set<String> = [
"file",
"x-apple.systempreferences",
"shortcuts",
"terminal",
"ssh",
"telnet",
"vnc",
"ftp",
"smb",
"afp"
]
}

public struct AutomationValidationPolicy: Equatable, Sendable {
Expand Down
Loading