Sanitize graph input #10276

Merged
murrant merged 1 commit into librenms:master from murrant:graph-sec May 31, 2019

@murrant
Member

commented May 30, 2019

Could execute arbitrary rrdtool commands such as cd and ls.

Security Researcher:
Eldar Marcussen - xen1thLabs - Software Labs - https://www.darkmatter.ae/xen1thlabs/

DO NOT DELETE THIS TEXT

Please note

Please read this information carefully. You can run ./scripts/pre-commit.php to check your code before submitting.

Testers

If you would like to test this pull request then please run: ./scripts/github-apply <pr_id>, i.e ./scripts/github-apply 5926
After you are done testing, you can remove the changes with ./scripts/github-remove. If there are schema changes, you can ask on discord how to revert.

Sanitize graph input
Could execute arbitrary rrdtool commands such as cd and ls.

@murrant murrant added the Security label May 30, 2019

@murrant murrant merged commit 9faae11 into librenms:master May 31, 2019

6 checks passed

Inspection Summary
Node: analysis
Travis CI - Pull Request: Build Passed
WIP: Ready for review
codeclimate: All good!
license/cla: Contributor License Agreement is signed.

@murrant murrant deleted the murrant:graph-sec branch May 31, 2019
