Merge remote-tracking branch 'origin/topic/robin/gh-54-sanitize'

* origin/topic/robin/gh-54-sanitize: Sanitize log files names before they go into system().
2025-10-02 06:38:20 +00:00 · 2021-09-21 15:16:49 -07:00 · 2021-09-21 15:16:49 -07:00 · 0a0ed65306
commit 0a0ed65306
parent a49dcc8954
8 changed files with 52 additions and 7 deletions
--- a/scripts/base/frameworks/logging/main.zeek
+++ b/scripts/base/frameworks/logging/main.zeek
@ -649,7 +649,7 @@ function run_rotation_postprocessor_cmd(info: RotationInfo, npath: string) : boo
 	# The date format is hard-coded here to provide a standardized
 	# script interface.
 	system(fmt("%s %s %s %s %s %d %s",
-               pp_cmd, npath, info$path,
+               pp_cmd, safe_shell_quote(npath), safe_shell_quote(info$path),
               strftime("%y-%m-%d_%H.%M.%S", info$open),
               strftime("%y-%m-%d_%H.%M.%S", info$close),
               info$terminating, writer));
--- a/scripts/base/frameworks/logging/postprocessors/scp.zeek
+++ b/scripts/base/frameworks/logging/postprocessors/scp.zeek
@ -66,7 +66,7 @@ function scp_postprocessor(info: Log::RotationInfo): bool
 		command += fmt("scp %s %s@%s:%s;", info$fname, d$user, d$host, dst);
 		}

-	command += fmt("/bin/rm %s", info$fname);
+	command += fmt("/bin/rm %s", safe_shell_quote(info$fname));
 	system(command);
 	return T;
 	}
--- a/scripts/base/frameworks/logging/postprocessors/sftp.zeek
+++ b/scripts/base/frameworks/logging/postprocessors/sftp.zeek
@ -69,7 +69,7 @@ function sftp_postprocessor(info: Log::RotationInfo): bool
 		               d$host_port, d$user, d$host);
 		}

-	command += fmt("/bin/rm %s", info$fname);
+	command += fmt("/bin/rm %s", safe_shell_quote(info$fname));
 	system(command);
 	return T;
 	}
--- a/scripts/base/frameworks/notice/main.zeek
+++ b/scripts/base/frameworks/notice/main.zeek
@ -384,12 +384,13 @@ function log_mailing_postprocessor(info: Log::RotationInfo): bool
 		{
 		local headers = email_headers(fmt("Log Contents: %s", info$fname),
 		                              mail_dest);
-		local tmpfilename = fmt("%s.mailheaders.tmp", info$fname);
+		local tmpfilename = safe_shell_quote(fmt("%s.mailheaders.tmp", info$fname));
 		local tmpfile = open(tmpfilename);
 		write_file(tmpfile, headers);
 		close(tmpfile);
 		system(fmt("/bin/cat %s %s | %s -t -oi && /bin/rm %s %s",
-		       tmpfilename, info$fname, sendmail, tmpfilename, info$fname));
+		       tmpfilename, safe_shell_quote(info$fname), sendmail,
+			   tmpfilename, safe_shell_quote(info$fname)));
 		}
 	return T;
 	}
--- a/scripts/policy/misc/trim-trace-file.zeek
+++ b/scripts/policy/misc/trim-trace-file.zeek
@ -24,7 +24,7 @@ event TrimTraceFile::go(first_trim: bool)
 		{
 		local info = rotate_file_by_name(trace_output_file);
 		if ( info$old_name != "" )
-			system(fmt("/bin/rm %s", info$new_name));
+			system(fmt("/bin/rm %s", safe_shell_quote(info$new_name)));
 		}
 	
 	schedule trim_interval { TrimTraceFile::go(F) };