fix!: Sanitization for IPA path strings #430
Merged
This PR attempts to fix a potential security issue in PlayCover IPA extraction where it may be vulnerable to shell command injections.

For example: two IPA files could be delivered to a user

- `valid.ipa` <-- Valid ZIP archive (can be hidden, so that zip exits with code 0)
- `valid.ipa;some_command|printf .ipa` <-- also a valid IPA file

When the second IPA is selected to be installed, PlayCover will run

`/bin/zsh -c "unzip -oq /path/to/file/valid.ipa;some_command&&printf\ .ipa -d <tempdir>`

Which:
some_command
)

Examples:

- `valid.ipa;as|printf .ipa` which should hang PlayCover indefinitely as `as` waits for input
- `-;bluetoothd&&.ipa` which will crash your Mac
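
The parsing problem described above, as an added example that is not part of the PR or of PlayCover's code: it uses Python's `shlex` to model how a POSIX-style shell splits the interpolated command text, and compares that with a quoted path and with a plain argument vector. Nothing is executed. `SAMPLE_PATH` is the file name from the description; `TEMPDIR` and all function names are assumptions made for the illustration.

```python
import shlex

# Control operators that end one simple command and start the next.
CONTROL_OPERATORS = {";", "&", "&&", "|", "||"}

SAMPLE_PATH = "/path/to/file/valid.ipa;some_command|printf .ipa"  # from the PR text
TEMPDIR = "/tmp/extract"  # constructed stand-in for <tempdir>


def interpolated_command(ipa_path, tempdir):
    """Command text with the path pasted in unquoted, as in the description."""
    return f"unzip -oq {ipa_path} -d {tempdir}"


def quoted_command(ipa_path, tempdir):
    """Same command text, with each path quoted into a single shell word."""
    return f"unzip -oq {shlex.quote(ipa_path)} -d {shlex.quote(tempdir)}"


def unzip_argv(ipa_path, tempdir):
    """Argument vector for starting unzip directly, with no shell involved."""
    return ["/usr/bin/unzip", "-oq", ipa_path, "-d", tempdir]


def simple_commands(command_text):
    """Split command text into the simple commands a shell would run."""
    lexer = shlex.shlex(command_text, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    lexer.commenters = ""  # treat '#' as an ordinary character
    commands, current = [], []
    for token in lexer:
        if token in CONTROL_OPERATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


if __name__ == "__main__":
    for label, text in (("interpolated", interpolated_command(SAMPLE_PATH, TEMPDIR)),
                        ("quoted", quoted_command(SAMPLE_PATH, TEMPDIR))):
        print(label, "->", simple_commands(text))
    print("argv ->", unzip_argv(SAMPLE_PATH, TEMPDIR))
```

The interpolated form splits into three commands, while the quoted form and the argument vector both keep the whole file name as one argument to `unzip`.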