This repository has been archived by the owner on Jul 25, 2022. It is now read-only.

Sanitize user input in drop.go #327

Closed
tedteng opened this issue Sep 22, 2020 · 5 comments

@tedteng
Contributor

tedteng commented Sep 22, 2020

Describe the bug

Sanitize user input when executing local commands as much as possible

This is one of the sub-tasks for ticket #267

@neo-liang-sap
Contributor

duplicate with my PR #324

@tedteng
Contributor Author

tedteng commented Sep 22, 2020

> duplicate with my PR #324

I think this ticket is more about sanitizing `bash -c`,

and the issue ticket you are working on seems more about refactoring the ExecCmd function itself, which I mentioned in #320 (comment), but you can check with Peter for more information.

ExecCmd should not be called with a cmd string and instead the caller should pass the name and arguments directly for exec.Command, otherwise an attacker could sneak in arguments
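
The difference between the two calling styles discussed above, as an added example that is not code from this repository's drop.go or from the thread. The `kubectl get pods -n` command, the function names and the allow-list pattern are assumptions chosen for illustration; nothing is executed, only the resulting argv is inspected.

```go
package main

import (
	"fmt"
	"os/exec"
	"regexp"
)

// nameRE is an assumed allow-list for the user-supplied value (hypothetical policy).
var nameRE = regexp.MustCompile(`^[a-z0-9][a-z0-9-]{0,62}$`)

// unsafeCmd splices user input into a string for bash -c. The shell re-parses
// that string, so spaces and shell metacharacters in the input turn into
// extra arguments or extra commands.
func unsafeCmd(name string) *exec.Cmd {
	return exec.Command("bash", "-c", "kubectl get pods -n "+name)
}

// safeCmd passes the program name and each argument separately to
// exec.Command. No shell runs, so the input stays a single argv entry.
// The allow-list additionally rejects a leading '-', which the target
// program would otherwise still read as an option.
func safeCmd(name string) (*exec.Cmd, error) {
	if !nameRE.MatchString(name) {
		return nil, fmt.Errorf("invalid name %q", name)
	}
	return exec.Command("kubectl", "get", "pods", "-n", name), nil
}

func main() {
	// Constructed sample inputs; the commands are built but never started.
	for _, in := range []string{"garden-dev", "dev --all-namespaces", "--help"} {
		fmt.Printf("input %q\n  bash -c script: %q\n", in, unsafeCmd(in).Args[2])
		if c, err := safeCmd(in); err != nil {
			fmt.Println("  argv form: rejected:", err)
		} else {
			fmt.Printf("  argv form: %q\n", c.Args)
		}
	}
}
```

Passing argv directly removes shell parsing but not option parsing in the called program, which is why the validation step stays even after the refactor.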

@neo-liang-sap
Contributor

totally not getting your point, for my PR I'm refactoring ExecCmdReturnOutput in drop.go

@tedteng
Contributor Author

tedteng commented Sep 22, 2020

> totally not getting your point, for my PR I'm refactoring ExecCmdReturnOutput in drop.go

So if you are not working on the refactor ExecCmd function issue #267 (comment), I will create a new issue ticket for that?

@neo-liang-sap
Contributor

/close
as PR merged
