Detect Command Obfuscation and Parser-Mismatch Attacks
Catch the attacks your parser cannot see: quote-concatenation flags, ANSI-C quoting, brace expansion, and escaped operators that make bash execute something your checks never inspected.
The route
4 steps to Done
- 01
Build multi-view quote extraction
Different attacks are visible at different stripping levels.
Preview prompt + verify gate ▾ Hide ▴
Implement an extraction function producing three views of every command: KEEP-DOUBLE (single-quoted content stripped, double-quoted kept - because shell metacharacters like ';' and '|' still act inside double quotes in some positions and this view exposes them), FULLY-UNQUOTED (all quoted content stripped - the view for redirection detection, since quoted '<' and '>' are inert), and KEEP-QUOTE-CHARS (content stripped but the quote characters themselves preserved - the view that reveals quote-adjacency attacks like a quoted fragment abutting a '#'). Build the underlying quote-state tracker carefully: process backslash escapes BEFORE quote toggling - inside double quotes, an escaped quote is a literal character, and toggling on it desyncs the tracker for the rest of the command. Unit-test the tracker against nasty edges: escaped quotes inside quotes, adjacent empty quotes, unterminated quotes.
- ✓ Three views produced and documented with their use cases
- ✓ Backslash processed before quote toggling
- ✓ Tracker edge cases covered by tests
- 02
Detect quote-trick flag smuggling
Flags assembled from quote fragments defeat every naive flag check.
Preview prompt + verify gate ▾ Hide ▴
Implement detectors for the flag-smuggling family, each on the ORIGINAL string. ANSI-C quoting: any occurrence of the $'...' form can encode arbitrary characters including dashes - ask on sight in argument positions. Empty-quote concatenation: patterns of empty quote pairs followed by a dash (a shell joins the empty string with '-exec' to produce a flag your parser saw as a filename) - detect adjacent empty quotes preceding dashes. Quote chains: fragments like a quoted dash abutting a quoted word which concatenate into a flag; walk the command with the quote tracker and flag dash-starting words assembled from multiple quoted segments. Triple-plus quote runs at word start: the catch-all for concatenation variants you have not enumerated. Each detector: its own function, its own tests with attack and benign cases (legit filenames containing dashes must not fire).
- ✓ ANSI-C, empty-quote, quote-chain, and triple-quote detectors implemented
- ✓ All detectors run on the original string
- ✓ Benign dash-containing filenames pass
- 03
Detect parser-vs-shell divergence
The deadliest class: your parser sees one command, bash runs two.
Preview prompt + verify gate ▾ Hide ▴
Implement the divergence detectors. Brace expansion: your parser reads '{a,b}' as one literal token but bash expands it into multiple arguments - detect unquoted braces containing commas or dot-dot ranges at the outermost nesting level, imbalanced braces after quote stripping, and quoted brace characters in the original (a hiding pattern); ask on all three. Backslash-escaped operators: in bash, an escaped semicolon is a literal argument, but a normalizing splitter may treat it as a separator, splitting one command into two - and the second piece (reading a credential file) then gets validated as an innocent standalone command; detect backslash-operator sequences outside double quotes and ask. Accept the known false positive (find -exec's terminator) and document it: one extra confirmation versus a leaked private key is the right trade.
- ✓ Outermost-level comma/range detection with nesting depth
- ✓ Escaped-operator detection outside double quotes only
- ✓ Known false positives documented as accepted
- 04
Grow the regression corpus
Obfuscation is an arms race; the corpus is your institutional memory.
Preview prompt + verify gate ▾ Hide ▴
Assemble the obfuscation corpus: every attack variant from the previous steps plus mutations (different quote types, whitespace variants, unicode lookalike characters - flag non-ASCII in security-relevant positions outright), each labeled with the expected outcome and the detector expected to fire. Add an equal weight of benign commands asserting no false fires. Wire it into CI as a blocking suite. Establish the arms-race process: every newly discovered bypass (from red-teaming, transcripts, or published research) gets a corpus entry FIRST, then a detector fix, then the whole corpus re-run - fixes routinely break sibling detectors, and the corpus is what catches that. Schedule a periodic red-team pass attempting fresh bypasses against the current pipeline.
- ✓ Corpus covers all families plus mutations and benign twins
- ✓ New bypasses become tests before fixes
- ✓ Periodic red-team pass scheduled
Research-backed