{{ message }}
fix(extensions): wire up list --available catalog query + harden add --from path traversal#3051
Open
darion-yaphet wants to merge 5 commits into
Open
fix(extensions): wire up list --available catalog query + harden add --from path traversal#3051darion-yaphet wants to merge 5 commits into
darion-yaphet wants to merge 5 commits into
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR wires up the previously-stubbed specify extension list --available/--all behavior to actually query the extension catalog (including filtering out installed extensions and marking discovery-only entries), and hardens specify extension add --from <url> by sanitizing the user-provided label before forming the downloaded ZIP filename (preventing path traversal).
Changes:
- Implement catalog-backed listing for
extension list --availableand--all, including installed-ID filtering and clearer catalog-unavailable failures. - Sanitize the
extensionlabel used for--fromURL download filenames to prevent../-style path traversal. - Add targeted tests for catalog-backed listing behavior and the path traversal hardening.
Show a summary per file
| File | Description |
|---|---|
tests/test_extension_list_available.py |
Adds behavioral tests for extension list --available/--all catalog querying, filtering, and error cases. |
tests/test_extension_add_path_traversal.py |
Adds a security regression test ensuring --from label sanitization keeps downloads within the cache directory. |
src/specify_cli/extensions/_commands.py |
Introduces the extension/catalog Typer command handlers (moved from __init__.py) and implements the new list --available/--all + add --from hardening. |
src/specify_cli/extensions/__init__.py |
Updates imports for the new extensions package structure (part of the handler move). |
src/specify_cli/__init__.py |
Registers the new extensions/_commands.py command group to preserve the CLI surface after the move. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 5/5 changed files
- Comments generated: 2
mnriem
requested changes
Jun 19, 2026
mnriem
left a comment
mnriem
left a comment
Collaborator
There was a problem hiding this comment.
Please address Copilot feedback
darion-yaphet
force-pushed
the
fix/extension-list-available
branch
from
094f5ee to
d468c02
Compare
Collaborator
|
Please address Copilot feedback |
Comment on lines
618
to
621
| # Download extension ZIP (use resolved ID, not original argument which may be display name) | ||
| extension_id = ext_info['id'] | ||
| console.print(f"Downloading {_escape_markup(str(ext_info['name']))} v{_escape_markup(str(ext_info.get('version', 'unknown')))}...") | ||
| console.print(f"Downloading {_escape_markup(str(ext_info.get('name', extension_id)))} v{_escape_markup(str(ext_info.get('version', 'unknown')))}...") | ||
| zip_path = catalog.download_extension(extension_id) |
Collaborator
|
Please address Copilot feedback |
…ry the catalog - extension add --from: sanitize the extension label before building the download filename so "../" path separators can no longer escape the downloads dir and overwrite arbitrary files - extension list --available/--all: actually query the catalog and list uninstalled extensions (filtering out installed IDs), instead of only printing a static install hint that contradicted the CLI help and docs
… path traversal Add regression coverage for the two behaviors wired up in the preceding fix: - list --available/--all: queries the catalog, filters installed IDs, marks discovery-only entries, reports an empty catalog, and exits 1 on catalog failure. - add --from <url>: a label containing path separators is sanitized so the download cannot escape the downloads cache dir. Both suites were verified red against the pre-fix behavior and green after.
…ction - Escape untrusted catalog fields (name, version, id, description, catalog name) and the catalog-query error before embedding them in Rich markup, preventing markup injection in `extension list --available/--all` output - Always print the "Installed Extensions:" header when the installed section is shown, with a "No extensions installed." note when empty, so `--all` output is no longer missing the section on an empty project - Update the command docstring to reflect --available/--all catalog listing so `--help` is accurate
…ries Catalog entries are untrusted (remote/community catalogs) and only guaranteed to carry an injected `id`; every other field comes straight from `**ext_data`. Hard subscripts and unguarded `.get()` chains on that data could crash `search`, `info`, `add`, and `update`, and a couple of catalog-controlled values were printed without Rich-markup escaping. - Use `.get()` fallbacks for name/version/description across search/info/add resolution and the download message - Guard `requires`/`provides` with isinstance(dict) before `.get()`, and skip non-dict tool entries - Catch KeyError alongside InvalidVersion in `update` version parsing - Escape catalog-controlled `stars` before printing - Correct the add --from path-traversal test docstring to describe the real mitigation (generated tempfile in the downloads dir, not label sanitization) - Add regression tests for malformed catalog entries in list/search/info
Remote extension catalogs are untrusted, and catalog entry IDs feed into the cached ZIP filename used by extension installation. The download path now validates IDs against the manifest ID rule before catalog lookup and verifies the final ZIP path stays under the downloads directory before writing. The issue-template agent list is also synchronized with runtime integrations so consistency checks pass for newly registered agents. Constraint: Remote catalog metadata controls extension IDs and versions before local manifest validation can run Rejected: Sanitize path separators in the filename | silently rewriting remote IDs could install an extension under an unexpected identity Confidence: high Scope-risk: narrow Directive: Keep catalog-sourced identifiers validated before using them in filesystem paths Tested: uv run pytest tests/test_extension_catalog_robustness.py tests/test_extension_add_path_traversal.py tests/test_extension_update_hardening.py tests/test_extension_list_available.py -q Tested: uv run pytest tests/test_agent_config_consistency.py -q Tested: uv run python -m compileall -q src/specify_cli/extensions tests/test_extension_catalog_robustness.py Tested: git diff --check Not-tested: Full uv run pytest Assisted-by: Codex (model: GPT-5, autonomous) Co-authored-by: OmX <omx@oh-my-codex.dev>
darion-yaphet
force-pushed
the
fix/extension-list-available
branch
from
f81d1ef to
a7da3b9
Compare
Comment on lines
+262
to
+278
| for ext in available_exts: | ||
| # Catalog fields are untrusted (remote/community catalogs); escape | ||
| # before embedding in Rich markup to prevent markup injection. | ||
| safe_id = _escape_markup(str(ext.get("id", ""))) | ||
| verified_badge = " [green]âś“ Verified[/green]" if ext.get("verified") else "" | ||
| safe_name = _escape_markup(str(ext.get("name", "(unnamed)"))) | ||
| safe_version = _escape_markup(str(ext.get("version", "?"))) | ||
| console.print(f" [bold]{safe_name}[/bold] (v{safe_version}){verified_badge}") | ||
| console.print(f" [dim]{safe_id}[/dim]") | ||
| console.print(f" {_escape_markup(str(ext.get('description', '')))}") | ||
| install_allowed = ext.get("_install_allowed", True) | ||
| if install_allowed: | ||
| console.print(f" [cyan]Install:[/cyan] specify extension add {safe_id}") | ||
| else: | ||
| catalog_name = _escape_markup(str(ext.get("_catalog_name", ""))) | ||
| console.print(f" [yellow]Discovery only — not installable from '{catalog_name}'[/yellow]") | ||
| console.print() |
Comment on lines
+772
to
+773
| console.print(f"[bold]{_escape_markup(str(ext.get('name', '(unnamed)')))}[/bold] (v{_escape_markup(str(ext.get('version', '?')))}){verified_badge}") | ||
| console.print(f" {_escape_markup(str(ext.get('description', '')))}") |
| # Header | ||
| verified_badge = " [green]âś“ Verified[/green]" if ext_info.get("verified") else "" | ||
| console.print(f"\n[bold]{_escape_markup(str(ext_info['name']))}[/bold] (v{_escape_markup(str(ext_info['version']))}){verified_badge}") | ||
| console.print(f"\n[bold]{_escape_markup(str(ext_info.get('name', '(unnamed)')))}[/bold] (v{_escape_markup(str(ext_info.get('version', '?')))}){verified_badge}") |
|
|
||
| # Description | ||
| console.print(f"{_escape_markup(str(ext_info['description']))}") | ||
| console.print(f"{_escape_markup(str(ext_info.get('description', '')))}") |
Comment on lines
2616
to
+2620
| version = ext_info.get("version", "unknown") | ||
| zip_filename = f"{extension_id}-{version}.zip" | ||
| zip_path = target_dir / zip_filename | ||
| try: | ||
| zip_path.resolve().relative_to(target_dir.resolve()) |
Collaborator
|
Please address Copilot feedback |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
You can’t perform that action at this time.
What
Wires up the long-advertised
extension list --available/--allcatalog listing, and hardensextension add --fromagainst path traversal. Split out of the PR-7 structural refactor (#3014) so the behavior change is reviewed on its own, with tests.Why
The
--available/--allflags have existed since the original extension system (#1551), and their help text has always advertised "Show available extensions from catalog." But the implementation was a stub — it printed a staticspecify extension add <name>hint and never queried the catalog, even thoughExtensionCatalogalready existed. This is a long-standing dead/misleading-flag fix, not a new feature, and it's orthogonal to the refactor — which is why it's pulled out of #3014.Changes
extension list --available/--all: query the catalog and list uninstalled extensions (filtering out installed IDs).--availablelists catalog-only;--alllists installed + available; discovery-only entries are marked; a clear error is surfaced and the command exits non-zero when the catalog is unavailable.extension add --from <url>: sanitize the extension label before building the download filename, so../-style separators can no longer escape the downloads cache dir (path traversal).Tests
test_extension_list_available.py— catalog query, installed-ID filtering, discovery-only entries, empty catalog, catalog-error exit,--allshowing both sections.test_extension_add_path_traversal.py— a traversal label is sanitized so the download stays inside the downloads dir.Both suites verified red against the pre-fix behavior and green after.