fix(service): Fixed shell injection vulnerability in the internal API #1668

Merged
lslezak merged 2 commits into master from fix_shell_injection
Oct 14, 2024
@lslezak lslezak commented Oct 14, 2024

Problem

Solution

  • Escape the path parameter so the special shell characters do not cause problems

Details

  • The problem is only in the internal implementation; the DBus service just uses the default (it does not allow passing the parameter)
  • But it could potentially be a problem in the future when we change the API, so let's fix it; the fix is trivial anyway

@lslezak lslezak changed the title Fixed shell injection vulnerability in the internal API fix(service): Fixed shell injection vulnerability in the internal API Oct 14, 2024
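
An added illustration of the fix described in the comment above (not code from this pull request or from the Agama project): a path interpolated into a shell command string, the same call with the path escaped, and, going one step beyond the PR, an argument-vector call that avoids the shell entirely. The helper names, the `printf` stand-in command and the sample paths are assumptions, since the command changed by the PR is not shown on this page.

```ruby
require "open3"
require "shellwords"

# Hypothetical helpers: the command changed by the PR is not shown on the page,
# so `printf %s <path>` stands in for "some command that receives a path".

# Before: the path is interpolated into a string that /bin/sh parses, so
# characters such as ; $ ( ) and spaces are treated as shell syntax.
def show_path_unsafe(path)
  out, _status = Open3.capture2e("printf %s #{path}")
  out
end

# After (the approach the PR describes): escape the path so the shell sees it
# as one literal word.
def show_path_escaped(path)
  out, _status = Open3.capture2e("printf %s #{Shellwords.escape(path)}")
  out
end

# Alternative: pass an argument vector so no shell is involved at all.
def show_path_argv(path)
  out, _status = Open3.capture2e("printf", "%s", path)
  out
end

# Constructed sample inputs; the extra command is a harmless echo marker.
SAMPLES = ["/var/log/my file.log", "/tmp; echo INJECTED", "$(echo INJECTED)"].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |path|
    puts "input:   #{path.inspect}"
    puts "unsafe:  #{show_path_unsafe(path).inspect}"
    puts "escaped: #{show_path_escaped(path).inspect}"
    puts "argv:    #{show_path_argv(path).inspect}"
  end
end
```

Escaping only neutralises shell syntax; a path that begins with `-` can still be read as an option by the called program, so a `--` separator or a path check is a separate concern.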

coveralls commented Oct 14, 2024

Pull Request Test Coverage Report for Build 11330201026

Details

  • 2 of 2 (100.0%) changed or added relevant lines in 1 file are covered.
  • 13 unchanged lines in 1 file lost coverage.
  • Overall coverage increased (+0.002%) to 70.964%

Files with Coverage Reduction | New Missed Lines | %
service/service/lib/agama/manager.rb | 13 | 82.76%

Totals (Coverage Status)
Change from base Build 11329642568: 0.002%
Covered Lines: 16094
Relevant Lines: 22679

💛 - Coveralls

@lslezak lslezak merged commit ebf9860 into master Oct 14, 2024
@lslezak lslezak deleted the fix_shell_injection branch October 14, 2024 17:33
@imobachgs imobachgs mentioned this pull request Jan 10, 2025
imobachgs added a commit that referenced this pull request Jan 13, 2025
Update to release version 11.
