-
Notifications
You must be signed in to change notification settings - Fork 49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix CWE-78 #315
Fix CWE-78 #315
Conversation
Signed-off-by: Taras Drozdovskyi <t.drozdovsky@samsung.com>
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with your idea.
Is there anything else we should put some in the injectionOperators?
That's enough for the moment! Thank you! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
@suresh-lc PTAL. 😄 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Signed-off-by: Taras Drozdovskyi t.drozdovsky@samsung.com
Description
After analyzing the existing code, it should be noted that sanitization measures have been made in the edge-orchestration:
Strengthening against attacks of this kind can be:
All attempts to eliminate the security alert by changing the source code were unsuccessful.
The elimination requires hard-coding the string literals of the commands to be used, but this greatly limits the flexibility of the edge-orchestration and doesn't add a significant increase in security.
Therefore, I propose to mark this alert as a fall positive.
Fixes #298
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
The result can be seen after merging the PR and restarting the LGTM
Checklist: