ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-02-27 17:14:14 +08:00
Code Issues Projects Releases Packages Wiki Activity

fix: execute: remove osh_warn on tainted params to avoid exposing arguments on coding error

Browse source
This commit is contained in:
Stéphane Lesimple 2021-02-15 11:17:55 +00:00 committed by Stéphane Lesimple
parent fbe7461fcb
commit 4624f71ea2
1 changed files with 0 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/perl/OVH/Bastion/execute.inc
View file

@ -67,7 +67,6 @@ sub execute {
} }
=cut =cut
#=cut only to debug tainted stuff
require Scalar::Util; require Scalar::Util;
foreach (@$cmd) { foreach (@$cmd) {
if (Scalar::Util::tainted($_) && /(.+)/) { if (Scalar::Util::tainted($_) && /(.+)/) {
@ -75,12 +74,9 @@ sub execute {
# to be able to warn under -T; untaint it. we're going to crash right after anyway. # to be able to warn under -T; untaint it. we're going to crash right after anyway.
require Carp; require Carp;
warn(Carp::longmess("would exec <" . join('^', @$cmd) . "> but param '$1' is tainted!")); warn(Carp::longmess("would exec <" . join('^', @$cmd) . "> but param '$1' is tainted!"));
osh_warn("about to execute a cmd but param '$1' is tainted, I'm gonna crash!");
} }
} }
#=cut
if ($system) { if ($system) {
my $child_exit_status = system(@$cmd); my $child_exit_status = system(@$cmd);
$fnret = sysret2human($child_exit_status); $fnret = sysret2human($child_exit_status);