Securing Developer Tools: Argument Injection in Visual Studio Code

Author: Thomas Chauchefoin (Vulnerability Researcher, Sonar)
Published: August 23, 2022
Source: https://www.sonarsource.com/blog/securing-developer-tools-argument-injection-in-vscode/

Summary

Sonar’s research team disclosed an argument injection vulnerability (CVE-2022-30129) in Visual Studio Code’s built-in Git integration. By luring a developer into clicking a crafted vscode:// URI, an attacker could smuggle dash-prefixed options into the underlying git command line and achieve arbitrary command execution on the victim’s machine. Microsoft fixed the issue in VS Code 1.67.1.

Technical Details

VS Code registers a custom vscode:// URI handler so that links can trigger editor actions. One such action, exposed by the bundled Git extension (vscode.git), accepts a clone request of the form vscode://vscode.git/clone?url=<URL>. According to the writeup, the supplied url value was “fully controlled and concatenated into the external command line” used to invoke the git binary, without first validating that it was a well-formed repository URL. Because Git treats arguments beginning with a dash as options, an attacker-controlled value could be interpreted as flags rather than as a repository location: the classic argument-injection pattern.

The article gives the example payload vscode://vscode.git/clone?url=-u$({open,-a,calculator}):x. Here the value starts with -u, which sets Git’s --upload-pack command. Git’s transport layer executes that string, so the brace-expanded shell content (open -a calculator in the macOS proof of concept) runs as a command. The root cause is therefore missing input validation on a URL that crosses a trust boundary into an external process invocation.

Impact

When the malicious link is opened, the victim is shown a normal-looking prompt asking to clone a Git repository. If the developer accepts — an everyday workflow action — the injected --upload-pack value causes arbitrary command execution in the user’s context. The source notes this could bypass Workspace Trust protections in certain scenarios. On a developer workstation, code execution of this kind is a serious foothold and can serve as a stepping stone for lateral movement into corporate networks. Affected versions are Visual Studio Code prior to 1.67.1.

Mitigation

Microsoft addressed the issue in VS Code 1.67.1 (released May 10, 2022). Per the article, the fix parses and validates the incoming URI against an allowlist of permitted schemes — ['file', 'git', 'http', 'https', 'ssh'] — before the value is passed to the git command, so a value that does not parse as a legitimate URL (such as one beginning with -u) is rejected and can no longer be smuggled in as an option. Users should ensure they are running VS Code 1.67.1 or later. More broadly, the writeup illustrates the general defensive practice of separating options from operands (for example, using a -- separator) and validating untrusted input before it reaches an external command line.
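The two defensive layers described above, an allowlist of URL schemes plus a `--` separator in the git argv, written out as an added TypeScript example. This is not VS Code's own code; the function names and the argv builder are hypothetical, and only the scheme list comes from the article.

```typescript
// Added example (not VS Code's code): the shape of the check that the 1.67.1
// fix applies to the `url` query value of vscode://vscode.git/clone.
// Layer 1: the value must parse as a URL whose scheme is on the allowlist.
// Layer 2: git is invoked as an argv with `--`, so an operand can never be
// read as an option. Function names are hypothetical.

const ALLOWED_SCHEMES = new Set(["file", "git", "http", "https", "ssh"]);

type Verdict = { ok: true; url: string } | { ok: false; reason: string };

// Returns the clone URL if it is acceptable, or a rejection reason.
function validateCloneUrl(value: string): Verdict {
  // Defence in depth: a dash-prefixed operand is refused outright even
  // though the URL parser below would also reject it.
  if (value.startsWith("-")) {
    return { ok: false, reason: "value looks like a command-line option" };
  }
  let parsed: URL;
  try {
    // Throws on e.g. "-u$({open,-a,calculator}):x" (no valid scheme).
    // Note: SCP-style "git@host:org/repo.git" is also rejected here, since
    // it is not a URL; the article's fix accepts only parseable URLs.
    parsed = new URL(value);
  } catch {
    return { ok: false, reason: "not a well-formed URL" };
  }
  const scheme = parsed.protocol.replace(/:$/, "");
  if (!ALLOWED_SCHEMES.has(scheme)) {
    return { ok: false, reason: `scheme '${scheme}' is not allowed` };
  }
  return { ok: true, url: value };
}

// Builds the git argv. `--` ends option parsing, so the repository URL is
// always an operand. Hand this array to child_process.execFile (no shell);
// never interpolate it into a shell command string.
function buildCloneArgv(value: string, target?: string): string[] | null {
  const verdict = validateCloneUrl(value);
  if (!verdict.ok) return null;
  const argv = ["clone", "--", verdict.url];
  if (target !== undefined) argv.push(target);
  return argv;
}
```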
