• Type: Sub-task
• Resolution: Done
• Priority: Major

To protect against command injection, avoid interacting with the operating system (OS) dynamically, that is, building or running OS commands from run-time data.

Before processing user input, keep these three validation principles in mind:

• Sanitize early
• Escape late
• Always validate

User input can come from forms, HTTP headers, cookies, or URL parameters. Where that input becomes a parameter of an OS-level command, for example when setting firewall rules, configuring service settings, or configuring network interfaces, follow these guidelines:

• Determine what kind of user input is acceptable.
• Limit the acceptable characters strictly.

For example, consider an application that dynamically starts a user-specified process through shell interaction and needs user-supplied parameters as dynamic input to that process. In that case:

• Only allow specific process names and reject all other character combinations.
• Only allow the very limited set of special characters that the input parameters actually require:
  - `A-Z`, `a-z`, `0-9`, `.`, and `@`.

      Use built-in APIs instead of generic "exec.Command()" (Go)

Limit the use of exec.Command() as much as possible, especially when executing a binary whose name comes from user input. Prefer a specific built-in API instead.

In the following example, we use exec.Command() to run the chmod command.

      The example for non-compliant code:

```go
// A bad example that should be avoided: the shell is invoked to run chmod
package main

import (
	"fmt"
	"os"
	"os/exec"
)

func main() {
	// Spawning "bash -c" hands the whole command line to a shell parser;
	// any user-controlled piece of that string would be interpreted by it.
	if err := exec.Command("bash", "-c", "chmod 664 file").Run(); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```

In the second example we demonstrate how to use the equivalent built-in API, os.Chmod().

      The example for compliant code:

```go
// An example of using a specific API instead of a shell command
package main

import (
	"fmt"
	"os"
)

func main() {
	file := "file" // path of the file whose mode is being changed

	// 0664 is an octal mode (rw-rw-r--); a decimal 664 would set the wrong bits.
	if err := os.Chmod(file, 0664); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```
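Putting the validation guidelines above and the "specific API over exec.Command()" advice together, as an added example that is not part of this ticket: an allowlist of process names, a check that every user-supplied parameter uses only the permitted characters (`A-Z`, `a-z`, `0-9`, `.`, `@`), and the binary invoked directly instead of through `bash -c`. The process allowlist (`nslookup`, `ping`), the function names and the sample inputs are assumptions.

```go
// Added example (not from the ticket): allowlist validation of user input
// before it becomes an OS command, and running the binary without a shell.
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"regexp"
)

// Hypothetical allowlist of process names the application may start.
var allowedProcesses = map[string]bool{"nslookup": true, "ping": true}

// Only the characters the guidance permits in parameters: A-Z a-z 0-9 . @
var paramPattern = regexp.MustCompile(`^[A-Za-z0-9.@]+$`)

// ValidateParam rejects empty input and any character outside the allowlist.
func ValidateParam(p string) error {
	if !paramPattern.MatchString(p) {
		return fmt.Errorf("parameter %q has characters outside [A-Za-z0-9.@]", p)
	}
	return nil
}

// BuildCommand checks the process name against the allowlist and each parameter
// with ValidateParam, then invokes the binary directly: no "bash -c", so no shell parses the input.
func BuildCommand(name string, params []string) (*exec.Cmd, error) {
	if !allowedProcesses[name] {
		return nil, errors.New("process not in allowlist: " + name)
	}
	for _, p := range params {
		if err := ValidateParam(p); err != nil {
			return nil, err
		}
	}
	return exec.Command(name, params...), nil
}

func main() {
	// Constructed inputs: one acceptable host name, one carrying a shell metacharacter.
	for _, in := range []string{"example.com", "example.com;ls"} {
		cmd, err := BuildCommand("nslookup", []string{in})
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("accepted:", cmd.Args) // the command is built but not run here
	}
}
```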

      Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/openshift-source-to-image-s2i-builder-image/tasks/phase/development/106-T43/

Divyanshu Agrawal (diagrawa)
Jira-SD-Elements-Integration Bot (sdelements)