From 5c503b81ae186aa378928edf36fa1d347e919d7a Mon Sep 17 00:00:00 2001
From: xumia <59720581+xumia@users.noreply.github.com>
Date: Mon, 28 Jun 2021 09:57:08 +0800
Subject: [PATCH] Fix vtysh shell-ingestion security issue (#7759) Fix vtysh shell-ingestion security issue Only expose the limited parameters of the command vtysh show.
---
 files/image_config/sudoers/sudoers | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/files/image_config/sudoers/sudoers b/files/image_config/sudoers/sudoers
index 041290151a98..42dd6d5ec751 100644
--- a/files/image_config/sudoers/sudoers
+++ b/files/image_config/sudoers/sudoers
@@ -31,8 +31,10 @@ Cmnd_Alias READ_ONLY_CMDS = /bin/cat /var/log/syslog*, \
 /usr/bin/sensors, \
 /usr/bin/tail -F /var/log/syslog, \
 /usr/bin/rvtysh *, \
- /usr/bin/vtysh -c show *, \
- /usr/bin/vtysh -n [0-9] -c show *, \
+ /usr/bin/vtysh -c show version, \
+ /usr/bin/vtysh -c show bgp ipv[46] summary json, \
+ /usr/bin/vtysh -n [0-9] -c show version, \
+ /usr/bin/vtysh -n [0-9] -c show bgp ipv[46] summary json, \
 /usr/local/bin/decode-syseeprom, \
 /usr/local/bin/generate_dump, \
 /usr/local/bin/ipintutil, \
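Review bot: The context line `/usr/bin/rvtysh *, \` stays in READ_ONLY_CMDS with an unrestricted argument wildcard, so the tightening applied to the four `vtysh` entries does not cover it; if rvtysh forwards its arguments to vtysh (not visible from this hunk), the read-only role keeps the argument freedom this commit removes. sudoers matches command arguments as one concatenated string, so `*` also spans spaces, which makes `/bin/cat /var/log/syslog*` on the alias's first line worth checking for the same reason. I would replace the rvtysh wildcard with the same explicit list of show commands and add a comment above the alias such as `# READ_ONLY_CMDS: list exact arguments; '*' in sudoers matches across word boundaries`. The Cmnd_Alias starts and ends outside the hunk, so its other entries were not reviewed.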