SciDEX — Task: [Senate] Fix command injection in bridge.py file l

Critical (C-4): bridge.py:17 uses shell=True with f-string for find command. Replace with list-based subprocess call to prevent command injection. See security_audit_2026-04-02.md for safe implementation example. ## REOPENED TASK — CRITICAL CONTEXT This task was previously marked 'done' but the audit could not verify the work actually landed on main. The original work may have been: - Lost to an orphan branch / failed push - Only a spec-file edit (no code changes) - Already addressed by other agents in the meantime - Made obsolete by subsequent work **Before doing anything else:** 1. **Re-evaluate the task in light of CURRENT main state.** Read the spec and the relevant files on origin/main NOW. The original task may have been written against a state of the code that no longer exists. 2. **Verify the task still advances SciDEX's aims.** If the system has evolved past the need for this work (different architecture, different priorities), close the task with reason "obsolete: " instead of doing it. 3. **Check if it's already done.** Run `git log --grep=''` and read the related commits. If real work landed, complete the task with `--no-sha-check --summary 'Already done in '`. 4. **Make sure your changes don't regress recent functionality.** Many agents have been working on this codebase. Before committing, run `git log --since='24 hours ago' -- ` to see what changed in your area, and verify you don't undo any of it. 5. **Stay scoped.** Only do what this specific task asks for. Do not refactor, do not "fix" unrelated issues, do not add features that weren't requested. Scope creep at this point is regression risk. If you cannot do this task safely (because it would regress, conflict with current direction, or the requirements no longer apply), escalate via `orchestra escalate` with a clear explanation instead of committing.

Git Commits (1)

[Verify] Fix command injection in bridge.py — already resolved on main [task:ac50dffd-8951-47a1-8bf5-528c8f99fb24]2026-04-24

Spec File

[Senate] Fix command injection in bridge.py file listing with safe subprocess

ID: ac50dffd-895 Priority: 92 Type: one_shot Status: open

Goal

Acceptance Criteria

☑ /files listing uses list-based subprocess.run through a helper, with no shell invocation

☑ Regression test covers the argument-vector subprocess call

☑ Work log updated with timestamped entry

Work Log

2026-04-20 19:01 PDT — Slot 43

Re-evaluated current main/worktree state: root bridge.py is now a compatibility entrypoint and maintained implementation lives in scripts/bridge.py.
Confirmed the prior vulnerable shell=True f-string is not present; /files already used list-based subprocess.run.
Refactored the file listing command into FILE_FIND_COMMAND and list_bridge_files() so the safe argument-vector behavior is explicit and testable.
Added a regression test that monkeypatches subprocess.run and verifies /files uses a list argument vector with no shell keyword.
Tests: pytest tests/test_bridge_path_validation.py.

Payload JSON

{
  "requirements": {
    "coding": 9,
    "safety": 10
  },
  "completion_shas": [
    "802c3cdefd2fb74b8b1f6eafd0e6facb84d9b441"
  ],
  "completion_shas_checked_at": "2026-04-21T02:07:31.638552+00:00"
}

Sibling Tasks in Quest (Senate) ↗

●[Senate] CI: Quest engine — generate tasks from quests when queue is lowP99

●[Senate] Capture belief snapshots for 30 hypotheses not snapshotted this weekP83

●[Senate] Assign content owners for 50 artifacts missing guardiansP82

○[Senate] Audit 25 uncredited agent contributions for reward emissionP88

○[Senate] Triage 30 open governance decisions for vote readinessP84

✓[Senate] Investigate slot starvation in task distributionP99

✓[Senate] Paper accumulation — Hongkui Zeng (hongkui-zeng)P99

✓[Senate] Paper accumulation — Ed Lein (ed-lein)P99

✓[Senate] Paper accumulation — Karel Svoboda (karel-svoboda)P99

✓[Senate] Paper accumulation — Jay Shendure (jay-shendure)P99