-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Filter dangerous environment variables before reexec (#34177)
* Filter dangerous environment variables before reexec This change filters potentially dangerous environment variables that could result in code execution. This seemed safest to integrate as a new struct within the `environment.go` in utils. This struct allows us to validate variables as they are built, making sure that regardless of the source we have validated them against our filter list. The environment specific logic was significant enough that the current and new logic was refactored into a new package `envutils`. * Allow the easy addition of execution environment into SafeEnv In addition this commit adds in a check to look for duplicate keys which may be attempting to overload our set values. * Apply PR Feedback and remove env duplicate handling * Apply additional PR feedback
- Loading branch information
Showing
5 changed files
with
259 additions
and
81 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.