Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[device/celestica] Mitigation for command injection vulnerability #11740

Merged
merged 30 commits into from
Dec 9, 2022
Merged

[device/celestica] Mitigation for command injection vulnerability #11740

merged 30 commits into from
Dec 9, 2022

Commits on Aug 15, 2022

  1. Improve command injection in subprocess and eval 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Aug 15, 2022
    Configuration menu
    Copy the full SHA
    956da45 View commit details
    Browse the repository at this point in the history

  2. Use literal_evals instead of eval 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Aug 15, 2022
    Configuration menu
    Copy the full SHA
    8811f7a View commit details
    Browse the repository at this point in the history

  3. Add sanitize command input 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Aug 15, 2022
    Configuration menu
    Copy the full SHA
    652921f View commit details
    Browse the repository at this point in the history

  4. Remove globals() 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Aug 15, 2022
    Configuration menu
    Copy the full SHA
    c24eec3 View commit details
    Browse the repository at this point in the history

  5. Fix syntax error 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Aug 15, 2022
    Configuration menu
    Copy the full SHA
    9ca1d96 View commit details
    Browse the repository at this point in the history

Commits on Aug 16, 2022

  1. Fix command in subprocess 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Aug 16, 2022
    Configuration menu
    Copy the full SHA
    ca56944 View commit details
    Browse the repository at this point in the history

Commits on Aug 17, 2022

  1. Change data structure and fix static input in subprocess 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Aug 17, 2022
    Configuration menu
    Copy the full SHA
    ba61fd4 View commit details
    Browse the repository at this point in the history

Commits on Aug 18, 2022

  1. Remove unnecessary parameters 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Aug 18, 2022
    Configuration menu
    Copy the full SHA
    cebc440 View commit details
    Browse the repository at this point in the history

  2. Fix static subprocess 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Aug 18, 2022
    Configuration menu
    Copy the full SHA
    0a5d46a View commit details
    Browse the repository at this point in the history

Commits on Sep 1, 2022

  1. Remove os.system and subprocess shell=True 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 1, 2022
    Configuration menu
    Copy the full SHA
    dada9ae View commit details
    Browse the repository at this point in the history

  2. Fix lgtm 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 1, 2022
    Configuration menu
    Copy the full SHA
    91781fe View commit details
    Browse the repository at this point in the history

  3. Fix lgtm 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 1, 2022
    Configuration menu
    Copy the full SHA
    6647f81 View commit details
    Browse the repository at this point in the history

Commits on Sep 6, 2022

  1. Remove unused funcs and fix subprocess cmd 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 6, 2022
    Configuration menu
    Copy the full SHA
    35aedce View commit details
    Browse the repository at this point in the history

  2. Remove brackets 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 6, 2022
    Configuration menu
    Copy the full SHA
    a7b8055 View commit details
    Browse the repository at this point in the history

Commits on Sep 7, 2022

  1. Add p1 returncod checkere 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 7, 2022
    Configuration menu
    Copy the full SHA
    ec603a0 View commit details
    Browse the repository at this point in the history

Commits on Sep 15, 2022

  1. Replace unsafe functions in platform directory 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 15, 2022
    Configuration menu
    Copy the full SHA
    3166477 View commit details
    Browse the repository at this point in the history

Commits on Sep 16, 2022

  1. Fix command 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 16, 2022
    Configuration menu
    Copy the full SHA
    edd4aec View commit details
    Browse the repository at this point in the history

  2. Fix command 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 16, 2022
    Configuration menu
    Copy the full SHA
    2d5d44c View commit details
    Browse the repository at this point in the history

  3. Fix command 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 16, 2022
    Configuration menu
    Copy the full SHA
    7460c9f View commit details
    Browse the repository at this point in the history

Commits on Sep 18, 2022

  1. Use common lib function 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 18, 2022
    Configuration menu
    Copy the full SHA
    8ac59ab View commit details
    Browse the repository at this point in the history

Commits on Sep 21, 2022

  1. Fix PR comments 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 21, 2022
    Configuration menu
    Copy the full SHA
    f1365f5 View commit details
    Browse the repository at this point in the history

  2. Change sp run to call and add \n 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 21, 2022
    Configuration menu
    Copy the full SHA
    96bc208 View commit details
    Browse the repository at this point in the history

  3. Replace shell=True 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 21, 2022
    Configuration menu
    Copy the full SHA
    552abed View commit details
    Browse the repository at this point in the history

  4. fix bug 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 21, 2022
    Configuration menu
    Copy the full SHA
    65b4300 View commit details
    Browse the repository at this point in the history

  5. Add universal_newliness for py3 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Sep 21, 2022
    Configuration menu
    Copy the full SHA
    0ce54ef View commit details
    Browse the repository at this point in the history

Commits on Oct 5, 2022

  1. Merge remote-tracking branch 'upstream/master' into celestica_e1031_s… 

    …ecurity
    @maipbui
    maipbui committed Oct 5, 2022
    Configuration menu
    Copy the full SHA
    a971633 View commit details
    Browse the repository at this point in the history

Commits on Oct 6, 2022

  1. Revert solution 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Oct 6, 2022
    Configuration menu
    Copy the full SHA
    bba06ff View commit details
    Browse the repository at this point in the history

  2. Revert deleted line 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Oct 6, 2022
    Configuration menu
    Copy the full SHA
    92147d7 View commit details
    Browse the repository at this point in the history

Commits on Dec 8, 2022

  1. Address PR comments 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Dec 8, 2022
    Configuration menu
    Copy the full SHA
    22bad5e View commit details
    Browse the repository at this point in the history

  2. Address PR comments 

    Signed-off-by: maipbui <maibui@microsoft.com>
    @maipbui
    maipbui committed Dec 8, 2022
    Configuration menu
    Copy the full SHA
    34991a5 View commit details
    Browse the repository at this point in the history