• Type: Sub-task
    • Resolution: Done
    • Priority: Major
    • SECFLOWOTL-30 - s2i Security Review

      To protect against command injection, avoid interacting with an operating system (OS) dynamically.

      Before processing the user's input, take these three steps to validate it:

      • Sanitize early
      • Escape late
      • Always validate

      User input can come from forms, HTTP headers, cookies, or URL parameters. Where this input is used to set parameters of OS-level commands (for example, to set firewall rules, configure service settings, or configure network interfaces), follow these guidelines:

      • Determine what kind of user input is acceptable.
      • Strictly limit the set of acceptable characters.

      For example, consider an application that dynamically starts a user-specified process through shell interaction and needs user-supplied parameters as dynamic input to that process. In that case, use the following guidelines:

      • Only allow specific process names and reject all other character combinations.
      • Only allow the very limited set of special characters that the input parameters actually require:
        - `A-Z`, `a-z`, `0-9`, `.`, and `@`.
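      The following Go program is an added example (not code from the SD Elements task) that applies both guidelines: an allow-list of process names, a character allow-list of `A-Z`, `a-z`, `0-9`, `.` and `@` for every parameter, and a command built in argv form so no shell ever interprets the input. The process names in the allow-list and the sample inputs are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"regexp"
)

// allowedProcesses is the allow-list of process names the application may start.
// The entries are constructed for this example; a real application lists only
// the binaries it genuinely needs to launch.
var allowedProcesses = map[string]bool{
	"ls":   true,
	"date": true,
}

// paramPattern restricts each user-supplied parameter to the characters the task
// permits: A-Z, a-z, 0-9, '.', and '@'. Spaces, quotes, ';', '|', '$' and every
// other shell metacharacter fail the match and are rejected before use.
var paramPattern = regexp.MustCompile(`^[A-Za-z0-9.@]+$`)

var (
	ErrProcessNotAllowed = errors.New("process name not in allow-list")
	ErrBadParameter      = errors.New("parameter contains disallowed characters")
)

// ValidateProcess accepts only names present in the allow-list.
func ValidateProcess(name string) error {
	if !allowedProcesses[name] {
		return ErrProcessNotAllowed
	}
	return nil
}

// ValidateParam accepts a single parameter only if every character is allowed.
// An empty parameter is rejected as well, because the pattern requires at least one character.
func ValidateParam(p string) error {
	if !paramPattern.MatchString(p) {
		return ErrBadParameter
	}
	return nil
}

// BuildCommand validates the process name and every parameter, then builds an
// *exec.Cmd in argv form (name, args...). Because no "bash -c" wrapper is used,
// the parameters are passed to the process as literal arguments.
func BuildCommand(name string, params []string) (*exec.Cmd, error) {
	if err := ValidateProcess(name); err != nil {
		return nil, fmt.Errorf("%w: %q", err, name)
	}
	for _, p := range params {
		if err := ValidateParam(p); err != nil {
			return nil, fmt.Errorf("%w: %q", err, p)
		}
	}
	return exec.Command(name, params...), nil
}

func main() {
	// Constructed inputs: one acceptable request and three that must be refused.
	cases := []struct {
		name   string
		params []string
	}{
		{"ls", []string{"README.md"}},   // accepted
		{"ls", []string{"a;b"}},         // ';' is not in the character allow-list
		{"ls", []string{"two words"}},   // space is not in the character allow-list
		{"bash", []string{"-c", "ls"}},  // process name is not allow-listed
	}
	for _, c := range cases {
		cmd, err := BuildCommand(c.name, c.params)
		if err != nil {
			fmt.Printf("reject %s %v: %v\n", c.name, c.params, err)
			continue
		}
		fmt.Printf("accept: %v\n", cmd.Args)
	}
}
```

      The check rejects rather than "cleans" input: a parameter containing a disallowed character is refused outright, which is simpler to reason about than stripping or escaping and matches the "always validate" rule above.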
        
      Use built-in APIs instead of generic "exec.Command()" (Go)

      Limit using exec.Command() as much as possible, especially if you are executing a binary whose name is coming from a user input. Instead, try to use specific built-in APIs.

      In the following example, exec.Command() is used to run the chmod command through a shell.

      Non-compliant example:

```go
// A bad example that should be avoided: the command is handed to a shell,
// so any user-controlled portion of the string would be interpreted by bash.
package main

import (
	"fmt"
	"os"
	"os/exec"
)

func main() {
	if err := exec.Command("bash", "-c", "chmod 664 file").Run(); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```

      The second example shows the equivalent built-in API, os.Chmod(), which changes the mode directly without starting a shell.

      Compliant example:

```go
// An example of specific APIs: os.Chmod replaces the shell round-trip.
// This fragment sits inside main() with "fmt" and "os" imported.
// The mode is octal: 0664 (the decimal literal 664 would set the wrong bits).
file := "file"
if err := os.Chmod(file, 0664); err != nil {
	fmt.Fprintln(os.Stderr, err)
	os.Exit(1)
}
```

      Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-2-extended-functionality-offerings/openshift-source-to-image-s2i-builder-image/tasks/phase/development/106-T43/

              diagrawa Divyanshu Agrawal
              sdelements Jira-SD-Elements-Integration Bot