fix(security): avoid shell injection in open-tilix plugin #2155
Conversation
|
Can you adjust the patch so it works on top of the Nautilus plugin updates in master? Thanks for looking into this and creating this patch! |
OK, the conflict has been resolved. |
|
Are you sure? It appears there's still a conflict and this PR can't be merged right now... |
This PR page shows "This branch has no conflicts with the base branch". I don't know where the "conflict" is.
And the "incomplete" label is incorrect - this PR is a complete work and is just waiting for reviewing & merging. |
|
Ah, the problem is that you have a merge commit in thie PR, so rebase does not work. But I can squash down the PR and merge it that way. |
|
Thank you for the patch! :-) |
I first reported this issue in https://bugs.archlinux.org/task/77698.
Currently tilix's open-tilix plugin for nautilus uses
subprocess.call()withshell=True. However it fails to sanitize input data (filename) correctly, thus causing possible shell injection when filename contains"or`, etc.This PR tries to solve this issue by using
subprocess.Popen()and avoiding invoking shell:Popen constructorrecommends to useshutil.which()to get actual path of executable (requires Python 3.3+).REMOTE_URI_SCHEMEpart, subprocess security considerations recommends to useshlex.quote()to escape path (also requires Python 3.3+, and it may still have security issue when the shell is not POSIX-compliant).