Documentation
¶
Index ¶
- Variables
- func Command(name string, arg ...string) (cmd *exec.Cmd, err error)
- func ShellCommand(name string, arg ...string) (cmd *exec.Cmd, err error)
- func ValidateCommandSlice(commandSlice []string) (err error)
- func ValidateShellCommandSlice(shellCommandSlice []string) (err error)
- type CommandValidater
Constants ¶
This section is empty.
Variables ¶
var AllowedShellCommands = map[string]CommandValidater{ "bash -c": ExactMatch, "sh -c": ExactMatch, }
Make sure the shell command is allowed
Functions ¶
func ShellCommand ¶
ShellCommand is a safe wrapper of exec.Command that checks potential risks in the command. It requires the command follows the format like ["bash", "-c", "<shell script>"] and each part of the command must be valid. If no shell command is needed, use security.Command instead.
func ValidateCommandSlice ¶
ValidateCommandSlice validates all the commands in the commandSlice. - For command in allowedPathList, it passes validation without further checks. - For a possible shell command, it calls ValidateShellCommandSlice() for detailed checks. - For any other command, it checks all the command args to ensure no illegal chars exists.
func ValidateShellCommandSlice ¶
ValidateShellCommandSlice takes in a slice of shell commands and returns an error if any are invalid. The function looks specifically for pipe commands (i.e., commands that contain a '|'). If a pipe command is found in the slice, ValidatePipeCommandSlice is called for further validation.
Types ¶
type CommandValidater ¶
var ( PrefixMatch CommandValidater = func(str, pattern string) bool { return strings.HasPrefix(str, pattern) } ExactMatch CommandValidater = func(str, pattern string) bool { return str == pattern } )
Source Files