GHSA-4q5v-7g7x-j79w

**Relevant Products/Components:**

* `trestle/core/commands/author/jinja.py` * `trestle author jinja`

---

## Detailed Description:

The `-o/--output` argument in `trestle author jinja` allows writing files outside the intended workspace.

The application does not properly validate:

* `../` * `..\` * absolute paths

This allows arbitrary file write to attacker-controlled locations.

Vulnerable code:

```python output_file = trestle_root / r_output_file ```

An attacker can overwrite files such as:

* `.github/workflows/*.yml` * `.git/hooks/*` * user writable config files

This can lead to CI/CD compromise or local code execution.

---

## Steps To Reproduce:

1. Clone the repository:

```bash git clone https://github.com/oscal-compass/compliance-trestle.git cd compliance-trestle ```

2. Create template:

```bash echo "hello" > template.j2 ```

3. Run:

```powershell trestle author jinja -i template.j2 -o "subdir\..\..\..\..\..\poc.txt" ```

4. Observe:

```powershell dir E:\poc.txt ```

The file is written outside the repository workspace.

---

## Browsers Verified In:

Not browser related.

Tested on:

* Windows 11 * Python 3.13

---

## Supporting Material/References:

Affected file:

```text trestle/core/commands/author/jinja.py ```

Successfully verified:

* directory traversal using `../` * Windows traversal using `..\` * arbitrary file write outside workspace

---

## Access Vector Required for Exploitation:

Local

---

## Vulnerability Exists in Default Configuration?:

Yes

---

## Is the exploitation trivial or does it involve a multi-step process that may depend on user/victim interaction?:

Trivial. Single command execution.

---

## Exploitation Requires Authentication?:

No

---

## Under what privileges does the vulnerable service or component run?:

Runs with privileges of the user executing the `trestle` command.

## Impact

An attacker can write files outside the intended workspace directory and overwrite sensitive files writable by the current user.

Possible impacts include:

* overwriting `.github/workflows/*.yml` to execute attacker-controlled GitHub Actions workflows * overwriting `.git/hooks/*` for local code execution * modifying user configuration files such as `.bashrc` * tampering with repository files and generated compliance artifacts

In CI/CD environments, this may result in execution of attacker-controlled commands on build runners.