[EPIC] santize user input in `ExecCmd` function #323

neo-liang-sap · 2020-09-22T07:21:02Z

I will use this issue to track all ExecCmd refactor work, and will list files i refactored here (to be appended as i'm continue working)

the ExecCmd function should not be called with a cmd string and instead the caller should pass the name and arguments directly for exec.Command, otherwise an attacker could sneak in arguments

The text was updated successfully, but these errors were encountered:

neo-liang-sap · 2020-09-22T07:31:09Z

drop.go - santize user input in ExeCmdXXX for drop.go #324

neo-liang-sap · 2020-09-22T08:05:59Z

close this issue as @tedteng has built many sub issue to track this
i will track my work and effort in different PR (each PR for one refactor)
/close

neo-liang-sap self-assigned this Sep 22, 2020

neo-liang-sap changed the title ~~santize user input in ExecCmd function~~ [EPIC] santize user input in ExecCmd function Sep 22, 2020

gardener-robot closed this as completed Sep 22, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[EPIC] santize user input in `ExecCmd` function #323

[EPIC] santize user input in `ExecCmd` function #323

neo-liang-sap commented Sep 22, 2020

neo-liang-sap commented Sep 22, 2020

neo-liang-sap commented Sep 22, 2020

[EPIC] santize user input in ExecCmd function #323

[EPIC] santize user input in ExecCmd function #323

Comments

neo-liang-sap commented Sep 22, 2020

neo-liang-sap commented Sep 22, 2020

neo-liang-sap commented Sep 22, 2020

[EPIC] santize user input in `ExecCmd` function #323

[EPIC] santize user input in `ExecCmd` function #323