
[HOTFIX] Escape envs when using `.conf`

Open jongyoul opened this issue 1 year ago • 1 comments

What is this PR for?

Escaping envs to avoid malicious code in envs

What type of PR is it?

Hot Fix

Todos

  • [ ] - Task

What is the Jira issue?

N/A

How should this be tested?

  • Add shell commands inside envs
  • It shouldn't be executed

Screenshots (if appropriate)

Questions:

  • Do the license files need to be updated? No
  • Are there breaking changes for older versions? No
  • Does this need documentation? No

jongyoul avatar Feb 19 '24 10:02 jongyoul

ping @zjffdu @Reamer @huage1994 This code will change some malicious code like

$ printf %q ';whoami > /tmp/imp.log; date >>/tmp/imp.log;'
\;whoami\ \>\ /tmp/imp.log\;\ date\ \>\>/tmp/imp.log\;%

jongyoul avatar Feb 24 '24 14:02 jongyoul
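
The effect of `printf %q` described in the comment above, as an added example that is not code from this PR or from Zeppelin. It assumes the `.conf` file holds `export NAME=value` lines that a shell later sources; the function names, `DEMO_VAR` and the marker value are hypothetical.

```shell
#!/usr/bin/env bash
# Added illustration: function names and the conf layout are assumptions.

# Quote a value for reuse as shell input. %q is a bash printf feature, so
# bash is invoked explicitly rather than relying on the calling shell.
quote_env_value() {
  bash -c 'printf %q "$1"' _ "$1"
}

# Write one "export NAME=VALUE" line, either verbatim (raw) or %q-quoted.
write_env_conf() {  # usage: write_env_conf FILE NAME VALUE raw|quoted
  case $4 in
    quoted) v=$(quote_env_value "$3") ;;
    *)      v=$3 ;;
  esac
  printf 'export %s=%s\n' "$2" "$v" > "$1"
}

# Source the generated file inside an empty scratch directory and report
# "<files created by sourcing>:<value the variable received>".
source_result() {   # usage: source_result VALUE raw|quoted
  dir=$(mktemp -d) || return 2
  write_env_conf "$dir/env.conf" DEMO_VAR "$1" "$2"
  got=$(cd "$dir" && . ./env.conf >/dev/null 2>&1; printenv DEMO_VAR)
  extra=$(( $(ls -A "$dir" | wc -l) - 1 ))
  rm -rf "$dir"
  printf '%s:%s' "$extra" "$got"
}

# Constructed sample: harmless stand-in that creates a file if it is run.
MARKER_VALUE=';touch marker;'
# Value quoted from the comment above; only ever written in quoted mode here.
PAGE_VALUE=';whoami > /tmp/imp.log; date >>/tmp/imp.log;'

source_result "$MARKER_VALUE" raw;    echo   # 1:   (marker created, value lost)
source_result "$MARKER_VALUE" quoted; echo   # 0:;touch marker;
source_result "$PAGE_VALUE" quoted;   echo   # 0: followed by the value unchanged
```

A file quoted this way has to be read by bash, because `%q` can emit `$'...'` for control characters, which a plain POSIX `sh` does not interpret.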