Prevent command injection in VyConf external validator execution
Closed, ResolvedPublicENHANCEMENT
Actions

Edit Task
Edit Related Tasks...
Create Subtask
Edit Parent Tasks
Edit Subtasks
Merge Duplicates In
Close As Duplicate
Edit Related Objects...
Edit Commits
Edit Mocks
Edit Revisions
Mute Notifications
Flag For Later
Award Token

Assigned To

Authored By

	dmbaturin
	Sep 8 2017, 6:05 AM

Description

https://github.com/vyos/vyconf/blob/master/src/value_checker.ml#L13-L24

Right now there is no validation at all, and a malicious user could execute arbitrary code with a specially prepared value to be validated. Dangerous characters should be escaped to prevent this.

Details

Version: -
Is it a breaking change?: Perfectly compatible

Event Timeline

dmbaturin created this task.Sep 8 2017, 6:05 AM

dmbaturin created this object with visibility "Public (No Login Required)".

syncer changed the subtype of this task from "Task" to "Enhancement".Oct 20 2018, 7:10 AM

dmbaturin closed this task as Resolved.Jan 27 2021, 6:39 PM

dmbaturin edited a custom field.

dmbaturin set Is it a breaking change? to Perfectly compatible.

Prevent command injection in VyConf external validator executionClosed, ResolvedPublicENHANCEMENTActions

Description

Details

Event Timeline

Prevent command injection in VyConf external validator execution
Closed, ResolvedPublicENHANCEMENT
Actions