Deprecate str_shell_escape, add safe_shell_quote replacement

This commit is contained in:
Jon Siwek 2019-03-25 17:49:18 -07:00
parent 8b29df96cc
commit dbf5d5fc95
11 changed files with 83 additions and 17 deletions


@ -8,7 +8,7 @@ export {
type Command: record {
## The command line to execute. Use care to avoid injection
## attacks (i.e., if the command uses untrusted/variable data,
## sanitize it with :bro:see:`str_shell_escape`).
## sanitize it with :bro:see:`safe_shell_quote`).
cmd: string;
## Provide standard input to the program as a string.
stdin: string &default="";
@ -122,7 +122,7 @@ event Input::end_of_data(orig_name: string, source:string)
delete pending_files[name][track_file];
if ( |pending_files[name]| == 0 )
delete pending_commands[name];
system(fmt("rm \"%s\"", str_shell_escape(track_file)));
system(fmt("rm %s", safe_shell_quote(track_file)));
}
}
@ -191,5 +191,5 @@ event bro_done()
# We are punting here and just deleting any unprocessed files.
for ( uid in pending_files )
for ( fname in pending_files[uid] )
system(fmt("rm \"%s\"", str_shell_escape(fname)));
system(fmt("rm %s", safe_shell_quote(fname)));
}
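Review bot: The new `rm %s` commands in Input::end_of_data and bro_done are still exposed to option-style arguments: safe_shell_quote defends against shell metacharacters, but once the shell strips the quoting, a path whose basename begins with `-` reaches rm as a flag rather than a file. Terminating option parsing with a `--` separator closes that gap in both places: `system(fmt("rm -- %s", safe_shell_quote(track_file)));` and `system(fmt("rm -- %s", safe_shell_quote(fname)));`. Whether the names stored in pending_files can ever start with `-` depends on where they are created, which is not visible in these hunks, so treat this as cheap hardening rather than a confirmed defect. Both Input::end_of_data and bro_done begin outside their hunks.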