fix: prevent command injection in init container shell commands #172
Merged
Replace fmt.Sprintf interpolation of user-controlled values (model source, cache dir, model path) in buildModelInitCommand with container environment variables. The shell script now references $MODEL_SOURCE, $CACHE_DIR, and $MODEL_PATH instead of embedding raw values, eliminating shell metacharacter injection risk from CRD inputs.

Signed-off-by: Christopher Maher <chris@mahercode.io>
Summary
Relates to #91
- buildModelInitCommand to eliminate fmt.Sprintf interpolation of user-controlled values (model source, cache dir, model path) into shell commands
- MODEL_SOURCE, CACHE_DIR, MODEL_PATH) and referenced via $VAR in the shell script
- modelInitEnvVars helper to build the env var list for init containers
- buildCachedStorageConfig and buildEmptyDirStorageConfig to set Env on the init container

This prevents shell metacharacter injection from CRD inputs like https://evil.com/$(cmd).gguf — the source value never appears in the shell command string, only in Kubernetes env vars which are set literally by the kubelet.

Test plan

- buildModelInitCommand tests for new (isLocal, useCache bool) signature
- buildCachedStorageConfig / buildEmptyDirStorageConfig tests to assert Env vars on init containers
- go build ./... — compiles cleanly
- go vet ./internal/controller/... — no issues
- go test ./internal/controller/... -count=1 — all 128 tests pass

Signed-off-by: Christopher Maher chris@mahercode.io
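An added example, not code from this pull request: a standard-library Go sketch of the two patterns the summary contrasts, run against a constructed source value that carries a benign `$(echo INJECTED)` substitution. `EnvVar`, `unsafeScript`, `safeScript`, `initEnv` and `runInit` are hypothetical names, `printf` stands in for the real download command, and a local `sh` is assumed.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"strings"
)

// EnvVar stands in for corev1.EnvVar so the sketch needs only the standard library.
type EnvVar struct{ Name, Value string }

// unsafeScript reproduces the pre-fix pattern: the CRD value becomes script text.
func unsafeScript(source, path string) string {
	return fmt.Sprintf(`printf '%%s -> %%s\n' "%s" "%s"`, source, path)
}

// safeScript is a constant; values reach the shell only as environment data.
// The expansions are quoted so the values are not word-split or globbed.
const safeScript = `printf '%s -> %s\n' "$MODEL_SOURCE" "$MODEL_PATH"`

// initEnv builds the variables the constant script reads.
func initEnv(source, path string) []EnvVar {
	return []EnvVar{{"MODEL_SOURCE", source}, {"MODEL_PATH", path}}
}

// runInit executes script under sh with env added, as an init container would.
func runInit(script string, env []EnvVar) (string, error) {
	cmd := exec.Command("sh", "-c", script)
	cmd.Env = os.Environ()
	for _, e := range env {
		cmd.Env = append(cmd.Env, e.Name+"="+e.Value)
	}
	out, err := cmd.Output()
	return strings.TrimSpace(string(out)), err
}

func main() {
	// Constructed input: a benign command substitution inside a model URL.
	src, path := "https://example.invalid/$(echo INJECTED).gguf", "/models/m.gguf"
	before, _ := runInit(unsafeScript(src, path), nil)
	after, _ := runInit(safeScript, initEnv(src, path))
	fmt.Println("interpolated:", before) // substitution was executed by sh
	fmt.Println("env vars:    ", after)  // value stayed literal
}
```

The result of a parameter expansion is not re-scanned for command substitution, which is why the value stays literal in the second run; the double quotes around each `$VAR` are still needed to stop word splitting and globbing.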