https://bugzilla.novell.com/show_bug.cgi?id=472752
User schubi@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=472752#c5
--- Comment #5 from Stefan Schubert 2009-02-05 08:05:54 MST ---
Meanwhile I have added argument checks in the webservice. That is not perfect,
but protects us from corrupted input:
+def Scr.execute (arguments, environment=[] )
+
+ #sanitize arguments
+ whitelist = ("a".."z").to_a.to_s + ("A".."Z").to_a.to_s +
("0".."9").to_a.to_s + "_-/=:.,\"<>"
+ arguments.each do |arg|
+ wrongArguments = false
+ for i in (0..arg.size-1) do
+ if whitelist.index(arg[i]) == nil
+ wrongArguments = true
+ break
+ end
+ end
+ if wrongArguments
+ return { :stdout =>"", :stderr => "#{arg}: only a..z A..Z 0..9,_-/=.:<>
are allowed", :exit => 2}
+ end
+ end
+
+ #note environment array will not be set by the user. So no check is needed.
+
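Review bot: The allowed set built in the "#sanitize arguments" block still contains `"`, `<` and `>`, along with `-`, `/` and `.`, so if these arguments are later placed on a shell command line the check lets through redirection, unbalanced quotes, leading-dash options and `../` paths. Consider dropping `"<>` unless a caller really needs them, and handing the arguments to the command as a list rather than a shell string, so that this filter is not the only barrier. The construction `("a".."z").to_a.to_s` also depends on Ruby 1.8, where Array#to_s joins the elements; from Ruby 1.9 on it returns the inspect form, which would silently add `[`, `]` and the space character to the allowed set, so `.join` or one anchored character-class match (`\A...\z`) per argument would be more robust than the index loop. Finally, the error text lists the permitted characters but leaves out `"`, so it does not match what the check actually accepts.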