Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[device/celestica] Mitigation for command injection vulnerability #11740

Merged
merged 30 commits into from
Dec 9, 2022
+159 −303
Merged

[device/celestica] Mitigation for command injection vulnerability #11740

Changes from 1 commit
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
956da45
Improve command injection in subprocess and eval
maipbui Aug 15, 2022
8811f7a
Use literal_evals instead of eval
maipbui Aug 15, 2022
652921f
Add sanitize command input
maipbui Aug 15, 2022
c24eec3
Remove globals()
maipbui Aug 15, 2022
9ca1d96
Fix syntax error
maipbui Aug 15, 2022
ca56944
Fix command in subprocess
maipbui Aug 16, 2022
ba61fd4
Change data structure and fix static input in subprocess
maipbui Aug 17, 2022
cebc440
Remove unnecessary parameters
maipbui Aug 18, 2022
0a5d46a
Fix static subprocess
maipbui Aug 18, 2022
dada9ae
Remove os.system and subprocess shell=True
maipbui Sep 1, 2022
91781fe
Fix lgtm
maipbui Sep 1, 2022
6647f81
Fix lgtm
maipbui Sep 1, 2022
35aedce
Remove unused funcs and fix subprocess cmd
maipbui Sep 6, 2022
a7b8055
Remove brackets
maipbui Sep 6, 2022
ec603a0
Add p1 returncod checkere
maipbui Sep 7, 2022
3166477
Replace unsafe functions in platform directory
maipbui Sep 15, 2022
edd4aec
Fix command
maipbui Sep 16, 2022
2d5d44c
Fix command
maipbui Sep 16, 2022
7460c9f
Fix command
maipbui Sep 16, 2022
8ac59ab
Use common lib function
maipbui Sep 18, 2022
f1365f5
Fix PR comments
maipbui Sep 21, 2022
96bc208
Change sp run to call and add \n
maipbui Sep 21, 2022
552abed
Replace shell=True
maipbui Sep 21, 2022
65b4300
fix bug
maipbui Sep 21, 2022
0ce54ef
Add universal_newliness for py3
maipbui Sep 21, 2022
a971633
Merge remote-tracking branch 'upstream/master' into celestica_e1031_s…
maipbui Oct 5, 2022
bba06ff
Revert solution
maipbui Oct 6, 2022
92147d7
Revert deleted line
maipbui Oct 6, 2022
22bad5e
Address PR comments
maipbui Dec 8, 2022
34991a5
Address PR comments
maipbui Dec 8, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Remove brackets 
Signed-off-by: maipbui <maibui@microsoft.com>
@maipbui
maipbui committed Sep 6, 2022
commit a7b8055c9442f60f6cf2747304e97d605b464322
2 changes: 1 addition & 1 deletion device/celestica/x86_64-cel_silverstone-r0/sonic_platform/component.py
View file
Original file line number Diff line number Diff line change
@@ -26,7 +26,7 @@
BIOS_VER_PATH = "/sys/class/dmi/id/bios_version"
BMC_VER_CMD1 = ["ipmitool", "mc", "info"]
BMC_VER_CMD2 = ["grep", "Firmware Revision"]
CFUFLASH_FW_UPGRADE_CMD = ["CFUFLASH", "-cd", "-d", "{}", "-mse", "3", "{}"]
CFUFLASH_FW_UPGRADE_CMD = ["CFUFLASH", "-cd", "-d", "", "-mse", "3", ""]
MEM_PCI_RESOURCE = "/sys/bus/pci/devices/0000:09:00.0/resource0"
FPGA_VER_MEM_OFFSET = 0
UPGRADE_OPT = {