GHSA-m5p4-gvpx-4mvr

Source
https://github.com/advisories/GHSA-m5p4-gvpx-4mvr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-m5p4-gvpx-4mvr/GHSA-m5p4-gvpx-4mvr.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m5p4-gvpx-4mvr
Aliases
  • CVE-2026-44972
Published
2026-05-11T14:43:43Z
Modified
2026-05-11T15:05:45.140291Z
Severity
  • 5.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content
Details

Summary

GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject ANSI or OSC escape sequences into analyst terminals or CI logs.

Description

The finding formatter stores file paths and snippets taken from the scanned content without escaping them:

# file_path and code come straight from the scanned package and the semgrep match
location = file_path + ":" + str(start_line)
finding = {
    "location": location,   # attacker-controlled file path plus line number
    "code": code,           # attacker-controlled source line(s)
    "message": result["extra"]["message"],
}

The human-readable reporter later prints these values directly:

"  * " + finding["message"] + " at " + finding["location"] + "\n    " + _format_code_line_for_output(finding["code"])

No escaping is applied for control characters such as \x1b (ESC), so any escape sequence present in these values reaches the terminal intact. A malicious package can therefore ship a filename like:

evil\x1b[2J.py

or matched source lines containing terminal escapes, which survive into the final CLI output.

Reproduction summary

  1. Create a file whose name contains \x1b[2J.
  2. Feed a semgrep-style result referencing that file into Analyzer._format_semgrep_response().
  3. Render the result with HumanReadableReporter.print_scan_results().
  4. The output string contains the raw escape bytes, which a terminal may interpret.

Key code paths

  • guarddog/analyzer/analyzer.py:377-392
  • guarddog/reporters/human_readable.py:36-42
  • guarddog/reporters/human_readable.py:84-91

Practical impact

This can be used to:
  • clear or rewrite analyst terminal output
  • inject misleading or spoofed log content in CI
  • emit clickable OSC 8 hyperlinks or title changes in compatible terminals

Prior public disclosure check

As of 2026-03-18, no matching public GitHub advisory, CVE, or public repo issue was found for this specific bug.

Suggested fix

Escape or strip terminal control characters (C0 controls including ESC, DEL, and the C1 range) before rendering any attacker-controlled value in human-readable output. This should cover package names, file paths, messages, and code snippets.
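The following is an added illustration of the sanitization this section recommends, together with a small check that can be run over CI log text to spot raw escape bytes. It is not GuardDog's own code: the finding dictionary, the `render_finding` function and the sample values are constructed here to mirror the structure the advisory describes.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample finding modelled on the advisory's description; the
# filename carries a CSI "clear screen" sequence, the message an OSC 0 title
# change, and the code line an OSC 8 hyperlink.
MALICIOUS_FINDING: Dict[str, str] = {
    "location": "evil\x1b[2J.py:1",
    "message": "suspicious call\x1b]0;spoofed title\x07",
    "code": "os.system('x')\x1b]8;;https://example.invalid\x1b\\click\x1b]8;;\x1b\\",
}

# Every C0 control except TAB (0x09) and LF (0x0a), plus DEL (0x7f) and the
# C1 range (0x80-0x9f), which contains the single-byte CSI (0x9b) and
# OSC (0x9d) introducers that some terminals honour. CR (0x0d) is escaped too,
# since it can overwrite the start of a line.
_CONTROL_CHARS = re.compile(r"[\x00-\x08\x0b-\x1f\x7f\x80-\x9f]")


def escape_control_chars(value: str) -> str:
    """Replace each terminal control character with a visible \\xNN escape.

    Ordinary non-ASCII text (accented filenames, CJK, emoji) is left alone;
    only the control ranges above are rewritten.
    """
    return _CONTROL_CHARS.sub(lambda m: "\\x%02x" % ord(m.group(0)), value)


def render_finding(finding: Dict[str, str], sanitize: bool = True) -> str:
    """Render one finding in the '  * message at location / code' layout.

    With sanitize=False this reproduces the unsafe behaviour described in the
    advisory; with sanitize=True every attacker-controlled value is escaped
    before it is concatenated into the output string.
    """
    if sanitize:
        finding = {key: escape_control_chars(val) for key, val in finding.items()}
    return (
        "  * " + finding["message"] + " at " + finding["location"]
        + "\n    " + finding["code"]
    )


def find_escape_sequences(log_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, escaped_line) for every log line holding control bytes.

    Useful as a CI-side check on captured scanner output: a clean run returns
    an empty list, so any hit points at content that needs escaping.
    """
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if _CONTROL_CHARS.search(line):
            hits.append((lineno, escape_control_chars(line)))
    return hits


if __name__ == "__main__":
    unsafe = render_finding(MALICIOUS_FINDING, sanitize=False)
    safe = render_finding(MALICIOUS_FINDING)
    print("raw ESC bytes in unsafe output:", "\x1b" in unsafe)
    print("raw ESC bytes in sanitized output:", "\x1b" in safe)
    print(safe)
    for lineno, shown in find_escape_sequences(unsafe):
        print(f"line {lineno} contains control bytes: {shown}")
```

Escaping to a visible `\xNN` form rather than silently stripping keeps the evidence in the report, so an analyst can see that a package tried to smuggle an escape sequence through a filename; the same escaper can be applied to package names and rule messages before they are concatenated.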

Database specific
{
    "github_reviewed": true,
    "severity": "MODERATE",
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-116"
    ],
    "github_reviewed_at": "2026-05-11T14:43:43Z"
}
References

Affected packages

PyPI / guarddog

Affected ranges
  • Type: ECOSYSTEM
  • Introduced: 2.6.0
  • Last affected: 2.9.0

Affected versions
  • 2.6.0
  • 2.7.0
  • 2.7.1
  • 2.8.4
  • 2.9.0

Database specific
  • source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-m5p4-gvpx-4mvr/GHSA-m5p4-gvpx-4mvr.json