This repository has been archived by the owner on Jun 29, 2022. It is now read-only.
Sanitize cluster and worker pool names #282
Labels
area/security
Security related stuff
needs/second-opinion
Needs more opinions
priority/Pfuture
We want it but not now
Cluster and worker pool names are used in terraform templates. For example, here and here, but there are some more usages.

Also, lokomotive executes terraform using `-target=<user-generated-string>` and this can easily lead in the future to arbitrary code execution (in the user local computer, so not so heavy) if the user uses something like `worker; sudo rm -rf /` as worker pool name. Examples are here.

The terraform executor, though, is doing its job correctly and those simple code executions are not possible today (it's not using a shell, etc.). However, it seems reasonable to sanitize all user input, especially if we are using it to construct a command to run later (like `terraform apply -target <user-input>`).

In AWS it seems we are just using it in terraform templates, not to construct a terraform command, so it seems safer (there would need to be a bug in terraform itself for it to be exploitable). But the general concern to sanitize user input, especially when using it to run commands, seems reasonable to have in a common layer for all providers.
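A sketch of the common validation layer the issue asks for, added here as an example and not taken from Lokomotive's code. The allowlist pattern (lowercase DNS-label style, at most 63 characters), the function names and the `module.worker-` target address are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Assumed policy, not Lokomotive's: lowercase letters, digits and '-',
// starting and ending with a letter or digit, 1 to 63 characters.
// Go's `$` matches only at end of text, so a trailing newline is rejected.
var nameRE = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`)

// ValidateName rejects any cluster or worker pool name outside the allowlist.
// Allowlisting avoids enumerating shell, HCL or flag metacharacters one by one.
func ValidateName(kind, name string) error {
	if !nameRE.MatchString(name) {
		return fmt.Errorf("%s name %q must match %s", kind, name, nameRE)
	}
	return nil
}

// TargetArgs validates the pool name first, then builds the terraform
// argument vector. The arguments stay a slice so they can be passed to
// exec.Command without a shell, as the issue says the executor does today.
// The "module.worker-" address prefix is hypothetical.
func TargetArgs(pool string) ([]string, error) {
	if err := ValidateName("worker pool", pool); err != nil {
		return nil, err
	}
	return []string{"apply", "-target=module.worker-" + pool}, nil
}

func main() {
	// Constructed sample names, including the one quoted in the issue.
	samples := []string{"pool-1", "worker; sudo rm -rf /", "-auto-approve", "Pool_A", ""}
	for _, n := range samples {
		args, err := TargetArgs(n)
		fmt.Printf("%q -> args=%v err=%v\n", n, args, err)
	}
}
```

Running the check once where configuration is loaded, before any provider renders templates or builds commands, covers both the template and the `-target` paths with the same rule.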