This repository has been archived by the owner on Jul 25, 2022. It is now read-only.

ExecCmd function refactor #352

Open
tedteng opened this issue Sep 28, 2020 · 0 comments
Labels
lifecycle/rotten Nobody worked on this for 12 months (final aging stage)

Comments


tedteng commented Sep 28, 2020

is every occurrence really fixed now?

func ExecCmd(input []byte, cmd string, suppressedOutput bool, environment ...string) (err error) {
	var command *exec.Cmd
	parts := strings.Fields(cmd)
	head := parts[0]
	if len(parts) > 1 {
		parts = parts[1:]
	} else {
		parts = nil
	}
	command = exec.Command(head, parts...)
	...

The ExecCmd function should not be called with a cmd string; instead, the caller should pass the name and arguments directly for exec.Command, otherwise an attacker could sneak in arguments.

Originally posted by @petersutter in #267 (comment)
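
The difference the comment above describes, as an added example that is not part of the original issue or the project's code: the same caller-supplied value passed through the whitespace-splitting pattern and through an explicit argument list. The names `splitStyle`, `argvStyle`, `tool` and the sample value are hypothetical, and the leading-dash check goes one step beyond what the issue asks for.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"strings"
)

// splitStyle mirrors the pattern quoted in the issue: one command string is
// split on whitespace and every resulting field becomes its own argv entry.
func splitStyle(cmd string) (*exec.Cmd, error) {
	parts := strings.Fields(cmd)
	if len(parts) == 0 {
		return nil, errors.New("empty command")
	}
	return exec.Command(parts[0], parts[1:]...), nil
}

// argvStyle is a hypothetical refactored shape: the caller passes the program
// name and each argument separately, so a value stays exactly one argv entry.
// Values starting with "-" are rejected because the child process would still
// parse them as options (an extra check, not something the issue asks for).
func argvStyle(name string, fixed []string, values ...string) (*exec.Cmd, error) {
	for _, v := range values {
		if strings.HasPrefix(v, "-") {
			return nil, fmt.Errorf("value %q looks like an option", v)
		}
	}
	return exec.Command(name, append(append([]string{}, fixed...), values...)...), nil
}

func main() {
	// Constructed input: a caller-supplied value that contains whitespace.
	value := "demo --extra-flag=value"

	before, _ := splitStyle("tool show " + value)
	after, _ := argvStyle("tool", []string{"show"}, value)

	// Neither command is run; only the argv each would use is printed.
	fmt.Printf("split on whitespace: %q\n", before.Args)
	fmt.Printf("explicit argv:       %q\n", after.Args)
}
```
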

@gardener-robot gardener-robot added the lifecycle/stale Nobody worked on this for 6 months (will further age) label Nov 27, 2020
@gardener-robot gardener-robot added lifecycle/rotten Nobody worked on this for 12 months (final aging stage) and removed lifecycle/stale Nobody worked on this for 6 months (will further age) labels Sep 22, 2021