tools/etcd-dump-metrics: validate exec cmd args

To prevent arbitrary command invocations.

Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
Gyuho Lee
2020-11-25 10:37:52 -08:00
parent b5cefb5b3d
commit 3eea37cf31
3 changed files with 21 additions and 10 deletions


@ -87,7 +87,7 @@ func main() {
rc := make(chan run)
cs1 := getCommand(bp, "s1", d1, "http://localhost:2379", "http://localhost:2380", cluster)
cmd1 := exec.Command("bash", "-c", cs1)
cmd1 := exec.Command(cs1[0], cs1[1:]...)
go func() {
if *debug {
cmd1.Stderr = os.Stderr
@ -101,7 +101,7 @@ func main() {
rc <- run{cmd: cmd1}
}()
cs2 := getCommand(bp, "s2", d2, "http://localhost:22379", "http://localhost:22380", cluster)
cmd2 := exec.Command("bash", "-c", cs2)
cmd2 := exec.Command(cs2[0], cs2[1:]...)
go func() {
if *debug {
cmd2.Stderr = os.Stderr
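Review bot: `cs1[0]` and `cs2[0]` are indexed with no length check at the two `exec.Command` calls, so an empty slice from getCommand would make main panic with an index-out-of-range instead of a clear error. A guard before each call, for example `if len(cs1) == 0 { panic("getCommand returned no arguments for s1") }`, would make that failure explicit. Passing an argv slice removes the shell parsing that `bash -c` applied to the whole string, but element 0 is still executed as given and the validation named in the commit title is not visible in these hunks; presumably it lives in getCommand, which is worth confirming covers the binary path as well as the arguments. A short comment at the first call would record the intent: `// argv form, no shell: elements of cs1 are passed verbatim and never re-parsed`. main's body begins and continues outside both hunks.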