core/cli
8
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions 1
cli/internal/cmd/vm/cmd_container_test.go

52 lines
1 KiB
Go
Raw Normal View History

Sanitize user input in execInContainer to prevent injection (#305) * security: sanitize user input in execInContainer This change implements command injection protection for the 'vm exec' command by adding a command whitelist and robust shell argument escaping. Changes: - Added `escapeShellArg` utility in `pkg/container/linuxkit.go` to safely quote arguments for the remote shell. - Updated `LinuxKitManager.Exec` to escape all command arguments before passing them to SSH. - Implemented `allowedExecCommands` whitelist in `internal/cmd/vm/cmd_container.go`. - Added i18n support for new security-related error messages. - Added unit tests for escaping logic and whitelist validation. Fixes findings from OWASP Top 10 Security Audit (PR #205). * security: sanitize user input in execInContainer This change implements command injection protection for the 'vm exec' command by adding a command whitelist and robust shell argument escaping. Changes: - Added `escapeShellArg` utility in `pkg/container/linuxkit.go` to safely quote arguments for the remote shell. - Updated `LinuxKitManager.Exec` to escape all command arguments before passing them to SSH. - Implemented `allowedExecCommands` whitelist in `internal/cmd/vm/cmd_container.go`. - Added i18n support for new security-related error messages. - Added unit tests for escaping logic and whitelist validation. - Fixed minor formatting issue in `pkg/io/local/client.go`. Fixes findings from OWASP Top 10 Security Audit (PR #205). * security: sanitize user input in execInContainer This change implements command injection protection for the 'vm exec' command by adding a command whitelist and robust shell argument escaping. Changes: - Added `escapeShellArg` utility in `pkg/container/linuxkit.go` to safely quote arguments for the remote shell (mitigates SSH command injection). - Updated `LinuxKitManager.Exec` to escape all command arguments. - Implemented `allowedExecCommands` whitelist in `internal/cmd/vm/cmd_container.go`. - Added i18n support for new security-related error messages in `en_GB.json`. - Added unit tests for escaping logic and whitelist validation. - Fixed a minor pre-existing formatting issue in `pkg/io/local/client.go`. Note: The 'merge / auto-merge' CI failure was identified as an external reusable workflow issue (missing repository context for the 'gh' CLI), and has been left unchanged to maintain PR scope and security policies. Fixes findings from OWASP Top 10 Security Audit (PR #205).
2026-02-05 03:43:12 +00:00
package vm
import (
"testing"
"github.com/stretchr/testify/assert"
)
func TestExecInContainer_Whitelist(t *testing.T) {
tests := []struct {
name string
cmd []string
expected string // Expected error substring
}{
{
"Allowed command",
[]string{"ls", "-la"},
"", // Will fail later with "failed to determine state path" or similar, but NOT whitelist error
},
{
"Disallowed command",
[]string{"rm", "-rf", "/"},
"command not allowed: rm",
},
{
"Injection attempt in first arg",
[]string{"ls; rm", "-rf", "/"},
"command not allowed: ls; rm",
},
{
"Empty command",
[]string{},
"container ID and command required",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := execInContainer("test-id", tt.cmd)
if tt.expected == "" {
// Should NOT be a whitelist error
if err != nil {
assert.NotContains(t, err.Error(), "command not allowed")
}
} else {
assert.Error(t, err)
assert.Contains(t, err.Error(), tt.expected)
}
})
}
}
Reference in a new issue Copy permalink