From 5f89e4c983f0a55e6cc21ca05436496a208d8eb7 Mon Sep 17 00:00:00 2001 From: James Sturtevant Date: Mon, 17 Jul 2023 14:24:02 -0700 Subject: [PATCH] Use environment varaibles for parameters in Powershell As a defense in depth, pass parameters to powershell via environment variables. Signed-off-by: James Sturtevant --- pkg/volume/util/util.go | 12 +++++++---- .../src/k8s.io/mount-utils/mount_windows.go | 20 +++++++++++++------ 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/pkg/volume/util/util.go b/pkg/volume/util/util.go index dffdfd6d899c..cd70a52d277d 100644 --- a/pkg/volume/util/util.go +++ b/pkg/volume/util/util.go @@ -656,11 +656,15 @@ func HasMountRefs(mountPath string, mountRefs []string) bool { func WriteVolumeCache(deviceMountPath string, exec utilexec.Interface) error { // If runtime os is windows, execute Write-VolumeCache powershell command on the disk if runtime.GOOS == "windows" { - cmd := fmt.Sprintf("Get-Volume -FilePath %s | Write-Volumecache", deviceMountPath) - output, err := exec.Command("powershell", "/c", cmd).CombinedOutput() - klog.Infof("command (%q) execeuted: %v, output: %q", cmd, err, string(output)) + cmdString := "Get-Volume -FilePath $env:mountpath | Write-Volumecache" + cmd := exec.Command("powershell", "/c", cmdString) + env := append(os.Environ(), fmt.Sprintf("mountpath=%s", deviceMountPath)) + cmd.SetEnv(env) + klog.Infof("Executing command: %q", cmdString) + output, err := cmd.CombinedOutput() + klog.Infof("command (%q) execeuted: %v, output: %q", cmdString, err, string(output)) if err != nil { - return fmt.Errorf("command (%q) failed: %v, output: %q", cmd, err, string(output)) + return fmt.Errorf("command (%q) failed: %v, output: %q", cmdString, err, string(output)) } } // For linux runtime, it skips because unmount will automatically flush disk data diff --git a/staging/src/k8s.io/mount-utils/mount_windows.go b/staging/src/k8s.io/mount-utils/mount_windows.go index c7fcde5fc98f..d96bf2237899 100644 --- a/staging/src/k8s.io/mount-utils/mount_windows.go +++ b/staging/src/k8s.io/mount-utils/mount_windows.go @@ -278,10 +278,16 @@ func (mounter *SafeFormatAndMount) formatAndMountSensitive(source string, target fstype = "NTFS" } - // format disk if it is unformatted(raw) - cmd := fmt.Sprintf("Get-Disk -Number %s | Where partitionstyle -eq 'raw' | Initialize-Disk -PartitionStyle GPT -PassThru"+ - " | New-Partition -UseMaximumSize | Format-Volume -FileSystem %s -Confirm:$false", source, fstype) - if output, err := mounter.Exec.Command("powershell", "/c", cmd).CombinedOutput(); err != nil { + cmdString := "Get-Disk -Number $env:source | Where partitionstyle -eq 'raw' | Initialize-Disk -PartitionStyle GPT -PassThru" + + " | New-Partition -UseMaximumSize | Format-Volume -FileSystem $env:fstype -Confirm:$false" + cmd := mounter.Exec.Command("powershell", "/c", cmdString) + env := append(os.Environ(), + fmt.Sprintf("source=%s", source), + fmt.Sprintf("fstype=%s", fstype), + ) + cmd.SetEnv(env) + klog.V(8).Infof("Executing command: %q", cmdString) + if output, err := cmd.CombinedOutput(); err != nil { return fmt.Errorf("diskMount: format disk failed, error: %v, output: %q", err, string(output)) } klog.V(4).Infof("diskMount: Disk successfully formatted, disk: %q, fstype: %q", source, fstype) @@ -303,8 +309,10 @@ func (mounter *SafeFormatAndMount) formatAndMountSensitive(source string, target // ListVolumesOnDisk - returns back list of volumes(volumeIDs) in the disk (requested in diskID). func listVolumesOnDisk(diskID string) (volumeIDs []string, err error) { - cmd := fmt.Sprintf("(Get-Disk -DeviceId %s | Get-Partition | Get-Volume).UniqueId", diskID) - output, err := exec.Command("powershell", "/c", cmd).CombinedOutput() + cmd := exec.Command("powershell", "/c", "(Get-Disk -DeviceId $env:diskID | Get-Partition | Get-Volume).UniqueId") + cmd.Env = append(os.Environ(), fmt.Sprintf("diskID=%s", diskID)) + klog.V(8).Infof("Executing command: %q", cmd.String()) + output, err := cmd.CombinedOutput() klog.V(4).Infof("listVolumesOnDisk id from %s: %s", diskID, string(output)) if err != nil { return []string{}, fmt.Errorf("error list volumes on disk. cmd: %s, output: %s, error: %v", cmd, string(output), err)