Check for “command-line injection”

Issue #37 resolved

LiAh Sheep created an issue 2015-02-12

We currently pass the parameters directly from params to command line, which is very dangerous.

Comments (10)

Jimmy Chu
- changed milestone to Feb 27
- assigned issue to
  
  LiAh Sheep
- 2015-02-21T15:12:20+00:00
Jimmy Chu
- changed component to t: portal-core
- marked as major
- 2015-03-04T03:39:39+00:00
Jimmy Chu
- changed milestone to Apr 01
- 2015-03-28T02:23:37+00:00
Jimmy Chu
- changed component to t: portal
- 2015-04-10T05:18:22+00:00
Jimmy Chu
- removed milestone
What do we need to do specifically here?

If nothing specific, I want to close it with wontfix
- 2015-04-10T09:08:36+00:00
LiAh Sheep reporter
Investigate and add .shellescape to respective strings, like in pull request #140
- 2015-04-24T05:41:39+00:00
Jimmy Chu
- changed status to resolved
Applying shellescape to prevent command line injection (fixing ~~#37~~)

→ <<cset f9c3501238c0>>
- 2015-05-20T09:11:28+00:00
Jimmy Chu
more: Applying shellescape to prevent command line injection (fixing ~~#37~~)

→ <<cset fb0486025287>>
- 2015-05-20T09:11:28+00:00
Jimmy Chu
Merged in liahsheep/cnpaas-portal/fix-cli-injection (pull request #168)

Applying shellescape to prevent command line injection (fixing ~~#37~~)

→ <<cset 360dddc400a8>>
- 2015-05-20T09:11:28+00:00
LiAh Sheep reporter
- changed component to Portal
- 2015-06-11T17:05:25+00:00
Log in to comment