5 Feb
Primary techniques to prevent against hacks when passing user input to CLI arguments?
What are the main kinds of hacks that can be used when passing user input from the command line, and what are the key techniques to prevent against them (like to prevent against browser XSS attacks, you typically escape the HTML before rendering in the DOM).
But for the command-line, I've only just started to think about potential problems and solutions, so wondering if they have been aggregated before, or if we can do so here. Some situations:
- File paths accessing things outside of a desired folder. So if you want all generated file read/write to occur in the `/tmp` folder, you need to make sure users don't do `/tmp/../usr/stuff` to access private folders.
- Executing subshell commands or piping. I imagine if you have a command like `convert {input} {output}` (an imagemagick command), you could pass in `input: "2> /dev/null", output: "| cat some-os-private-config-file"` or perhaps `input: "2> /dev/null &&", output: "echo $(which node)"` or something. So you would have `convert 2> /dev/null && echo $(which node)`.
So what are the best ways to generically mitigate against these sorts of problems? What are the main things to handle? What to check for basically on each input argument? If it's too complicated, what are the main complexities? What are the key things to be aware of when implementing this system?
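As an added example (not from the question or from any answer on this page), here is one way to implement the two mitigations the question is circling in Python: confine every user-supplied path to an allowed directory by resolving it and checking containment, and hand arguments to the external program as an argv list rather than a shell string, so that a payload like `2> /dev/null && echo $(which node)` reaches `convert` as one literal argument instead of being parsed by a shell. The sandbox directory `/tmp/convert-jobs`, the function names, the component allowlist and the sample inputs are all assumptions made for this example.

```python
import os
import re
import shlex
import subprocess
from pathlib import Path

# Assumed for this example: the only directory convert may read from or write to.
SANDBOX = Path("/tmp/convert-jobs")

# Conservative allowlist for each path component (an assumption, tighten or loosen as
# needed): no leading '-' (would look like an option), no leading '.', no spaces, no
# shell or ImageMagick metacharacters such as '|', '$', '[', ']', ':' or '@'.
COMPONENT_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._-]*")


class UnsafeArgument(ValueError):
    """Raised when a user-supplied value must not reach the command line."""


def confine_path(user_path: str, base: Path = SANDBOX) -> Path:
    """Resolve user_path against base and reject anything that ends up outside it.

    resolve() collapses '..' and follows symlinks, so '/tmp/../usr/stuff' and a symlink
    inside the sandbox that points outside are both caught by the containment check.
    """
    base_real = base.resolve()
    # An absolute user_path replaces base_real in the join; a relative one is appended.
    candidate = (base_real / user_path).resolve()
    inside = os.path.commonpath([str(base_real), str(candidate)]) == str(base_real)
    if candidate == base_real or not inside:
        raise UnsafeArgument(f"path escapes sandbox: {user_path!r}")
    for part in candidate.relative_to(base_real).parts:
        if not COMPONENT_RE.fullmatch(part):
            raise UnsafeArgument(f"disallowed path component: {part!r}")
    return candidate


def is_confined(user_path: str) -> bool:
    """Boolean form of confine_path, convenient for checks and tests."""
    try:
        confine_path(user_path)
        return True
    except UnsafeArgument:
        return False


def build_convert_argv(input_name: str, output_name: str) -> list:
    """Build the argv for convert. Each element is exactly one argument; no shell sees it."""
    src = confine_path(input_name)
    dst = confine_path(output_name)
    # Both are absolute and start with '/', so neither can be read as an option like '-adjoin'.
    return ["convert", str(src), str(dst)]


def run_convert(input_name: str, output_name: str) -> subprocess.CompletedProcess:
    """Run convert without a shell (a list argv with the default shell=False)."""
    argv = build_convert_argv(input_name, output_name)
    return subprocess.run(argv, check=True, capture_output=True, timeout=60)


def naive_command(input_name: str, output_name: str) -> str:
    """The pattern from the question: raw input interpolated into a shell string (vulnerable)."""
    return f"convert {input_name} {output_name}"


def quoted_command(input_name: str, output_name: str) -> str:
    """If a shell string is unavoidable, quote every argument (shlex.join needs Python 3.8+)."""
    return "convert " + shlex.join([input_name, output_name])


def shell_tokens(command: str) -> list:
    """Tokenise a command string the way a POSIX shell would, to show the difference."""
    return shlex.split(command)


if __name__ == "__main__":
    evil_in, evil_out = "2> /dev/null &&", "echo $(which node)"   # constructed inputs
    print("naive :", shell_tokens(naive_command(evil_in, evil_out)))
    print("quoted:", shell_tokens(quoted_command(evil_in, evil_out)))
    print("argv  :", build_convert_argv("in.jpg", "out.png"))
    for p in ["/tmp/../usr/stuff", "../etc/passwd", "-adjoin", "in.png[0]", "2> /dev/null"]:
        print(f"{p!r:>22} confined: {is_confined(p)}")
```

Two caveats worth keeping in mind. First, the argv list removes the shell from the picture, but the program itself still parses its arguments: a value starting with `-` can be taken as an option, and ImageMagick gives special meaning to some filename syntax (for example a `[0]` frame selector after the name), which is why the example passes absolute paths and applies a strict allowlist to each component rather than only checking containment. Second, `resolve()` inspects the filesystem at check time, so a symlink created between the check and the `convert` call is not covered; keeping the sandbox directory writable only by the service account narrows that window.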