fix(security): avoid shell injection in open-tilix plugin #2155
I first reported this issue in https://bugs.archlinux.org/task/77698.

Currently tilix's open-tilix plugin for nautilus uses subprocess.call() with shell=True. However it fails to sanitize input data (filename) correctly, thus causing possible shell injection when filename contains " or `, etc.

This PR tries to solve this issue by using subprocess.Popen() and avoiding invoking shell:

- Popen constructor recommends to use shutil.which() to get actual path of executable (requires Python 3.3+).
- REMOTE_URI_SCHEME part, subprocess security considerations recommends to use shlex.quote() to escape path (also requires Python 3.3+, and it may still have security issue when the shell is not POSIX-compliant).
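The two mitigations named in the description, as an added example that is not code from this PR or from tilix: an argument list passed to subprocess.Popen() without a shell for the local case, and shlex.quote() for a string that a remote shell will parse. The function names, the "-w" flag, the sample directory name and the child Python process standing in for the terminal binary are assumptions made for illustration.

```python
import json
import shlex
import shutil
import subprocess
import sys

# Constructed directory name with the characters the PR description mentions.
HOSTILE = 'a "b" `x` $(x); it\'s'

# Stand-in for the terminal binary (assumption): a child Python that
# reports the arguments it received as JSON.
ECHO_ARGV = [sys.executable, "-c",
             "import json, sys; print(json.dumps(sys.argv[1:]))"]


def resolve(program):
    """Absolute path of an executable via shutil.which(), or raise."""
    path = shutil.which(program)
    if path is None:
        raise FileNotFoundError(program)
    return path


def open_local(path):
    """No shell: the path is a single argv element, never parsed as syntax."""
    # "-w" is an illustrative working-directory flag, not taken from the PR.
    proc = subprocess.Popen(ECHO_ARGV + ["-w", path], stdout=subprocess.PIPE)
    out, _ = proc.communicate()
    return json.loads(out)


def remote_command(path):
    """String a remote shell will parse; quoting is valid for POSIX shells only."""
    return "cd " + shlex.quote(path)


def shell_round_trip(path):
    """Have a local POSIX sh parse the quoted path and print what it received."""
    cmd = "printf %s " + shlex.quote(path)
    done = subprocess.run([resolve("sh"), "-c", cmd],
                          stdout=subprocess.PIPE, check=True)
    return done.stdout.decode()


if __name__ == "__main__":
    print(open_local(HOSTILE))
    print(remote_command(HOSTILE))
    print(shell_round_trip(HOSTILE) == HOSTILE)
```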