core/go
8
0
Fork 0
generated from lthn/LEM
Code Issues 2 Pull requests 1 Projects Releases Packages Wiki Activity Actions
go/pkg/container
History
Snider e8ab351316
Sanitize user input in execInContainer to prevent injection (#305) 
* security: sanitize user input in execInContainer

This change implements command injection protection for the 'vm exec' command
by adding a command whitelist and robust shell argument escaping.

Changes:
- Added `escapeShellArg` utility in `pkg/container/linuxkit.go` to safely quote
  arguments for the remote shell.
- Updated `LinuxKitManager.Exec` to escape all command arguments before
  passing them to SSH.
- Implemented `allowedExecCommands` whitelist in `internal/cmd/vm/cmd_container.go`.
- Added i18n support for new security-related error messages.
- Added unit tests for escaping logic and whitelist validation.

Fixes findings from OWASP Top 10 Security Audit (PR #205).

* security: sanitize user input in execInContainer

This change implements command injection protection for the 'vm exec' command
by adding a command whitelist and robust shell argument escaping.

Changes:
- Added `escapeShellArg` utility in `pkg/container/linuxkit.go` to safely quote
  arguments for the remote shell.
- Updated `LinuxKitManager.Exec` to escape all command arguments before
  passing them to SSH.
- Implemented `allowedExecCommands` whitelist in `internal/cmd/vm/cmd_container.go`.
- Added i18n support for new security-related error messages.
- Added unit tests for escaping logic and whitelist validation.
- Fixed minor formatting issue in `pkg/io/local/client.go`.

Fixes findings from OWASP Top 10 Security Audit (PR #205).

* security: sanitize user input in execInContainer

This change implements command injection protection for the 'vm exec' command
by adding a command whitelist and robust shell argument escaping.

Changes:
- Added `escapeShellArg` utility in `pkg/container/linuxkit.go` to safely quote
  arguments for the remote shell (mitigates SSH command injection).
- Updated `LinuxKitManager.Exec` to escape all command arguments.
- Implemented `allowedExecCommands` whitelist in `internal/cmd/vm/cmd_container.go`.
- Added i18n support for new security-related error messages in `en_GB.json`.
- Added unit tests for escaping logic and whitelist validation.
- Fixed a minor pre-existing formatting issue in `pkg/io/local/client.go`.

Note: The 'merge / auto-merge' CI failure was identified as an external
reusable workflow issue (missing repository context for the 'gh' CLI), and
has been left unchanged to maintain PR scope and security policies.

Fixes findings from OWASP Top 10 Security Audit (PR #205).
2026-02-05 03:43:12 +00:00
..
templates feat(container): add LinuxKit YAML templates with variable substitution 2026-01-28 18:59:45 +00:00
container.go feat(container): implement LinuxKit container runtime 2026-01-28 18:50:32 +00:00
exec_security_test.go Sanitize user input in execInContainer to prevent injection (#305) 2026-02-05 03:43:12 +00:00
hypervisor.go feat: git command, build improvements, and go fmt git-aware (#74) 2026-02-01 10:48:44 +00:00
hypervisor_test.go test: increase coverage across packages 2026-01-29 13:19:08 +00:00
linuxkit.go Sanitize user input in execInContainer to prevent injection (#305) 2026-02-05 03:43:12 +00:00
linuxkit_test.go Migrate pkg/container to io.Medium abstraction (#292) 2026-02-04 15:33:22 +00:00
state.go Migrate pkg/container to io.Medium abstraction (#292) 2026-02-04 15:33:22 +00:00
state_test.go Migrate pkg/container to io.Medium abstraction (#292) 2026-02-04 15:33:22 +00:00
templates.go Migrate pkg/container to io.Medium abstraction (#292) 2026-02-04 15:33:22 +00:00
templates_test.go Migrate pkg/container to io.Medium abstraction (#292) 2026-02-04 15:33:22 +00:00