Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: safe exec commands #3699

Merged
merged 10 commits into from
Jan 23, 2024
Merged

refactor: safe exec commands #3699

merged 10 commits into from
Jan 23, 2024

Conversation

TrafalgarZZZ
Copy link
Member

Ⅰ. Describe what this PR does

  • Rename SimpleCommand to Command
  • Augmented PipeCommand to ShellCommand which checks all (ba)sh -c-like commands

Ⅱ. Does this pull request fix one issue?

NONE

Ⅲ. List the added test cases (unit test/integration test) if any, please explain if no tests are needed.

Ⅳ. Describe how to verify it

Ⅴ. Special notes for reviews

cheyang
cheyang requested changes Jan 19, 2024
View reviewed changes
cheyang
cheyang reviewed Jan 19, 2024
View reviewed changes
@codecov Codecov
Copy link

codecov bot commented Jan 22, 2024
edited
Loading

Codecov Report

Attention: 13 lines in your changes are missing coverage. Please review.

Comparison is base (c53ef20) 64.46% compared to head (4e2108f) 64.47%.

Files Patch % Lines
pkg/ddc/efc/operations/base.go 25.00% 3 Missing ⚠️
pkg/ddc/jindocache/operations/base.go 0.00% 3 Missing ⚠️
pkg/utils/cmdguard/exec.go 88.88% 1 Missing and 1 partial ⚠️
pkg/ddc/jindo/operations/base.go 0.00% 1 Missing ⚠️
pkg/ddc/jindofsx/operations/base.go 0.00% 1 Missing ⚠️
pkg/ddc/juicefs/operations/base.go 50.00% 1 Missing ⚠️
pkg/ddc/thin/operations/base.go 0.00% 1 Missing ⚠️
pkg/utils/home.go 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #3699   +/-   ##
=======================================
  Coverage   64.46%   64.47%           
=======================================
  Files         474      473    -1     
  Lines       28275    28245   -30     
=======================================
- Hits        18228    18211   -17     
+ Misses       7889     7879   -10     
+ Partials     2158     2155    -3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@TrafalgarZZZ
Copy link
Member Author

/test fluid-e2e

1 similar comment
@TrafalgarZZZ
Copy link
Member Author

/test fluid-e2e

cheyang
cheyang reviewed Jan 23, 2024
View reviewed changes
pkg/utils/cmdguard/exec_pipes.go
var illegalSequences = []string{"&", ";", "$", "'", "`", "(", ")", "||", ">>"}

var allowedEnvs = []string{
"${METAURL}", // JuiceFS community's metaurl
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about using allowedExpressions to replace allowedEnvs?

@TrafalgarZZZ
Move security command to pkg/utils/security
e82133d 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
@TrafalgarZZZ
Fix build
7c0b9bb 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
@TrafalgarZZZ
Fix unit tests
d428593 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
@TrafalgarZZZ
Move Commands to cmdguard utils package
41e3897 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
@TrafalgarZZZ
Rename exec pipes
6d580a3 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
@TrafalgarZZZ
Add unit tests for exec pipes
9b3869c 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
@TrafalgarZZZ
Add unit tests for exec pipes
5ffef83 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
@TrafalgarZZZ
Remove unused helm utility functions
6369dd7 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
@TrafalgarZZZ
Fix illegal sequence to pass Juicefs's health check
504cc4c 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
@TrafalgarZZZ
Rename allowedEnvs to allowedExpressions
4e2108f 
Signed-off-by: trafalgarzzz <trafalgarz@outlook.com>
@TrafalgarZZZ TrafalgarZZZ force-pushed the refactor/safe_exec_commands branch from 6a887da to 4e2108f Compare January 23, 2024 11:22
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

The SonarCloud Quality Gate passed, but some issues were introduced.

9 New issues
32 Security Hotspots
No data about Coverage
12.8% Duplication on New Code

See analysis details on SonarCloud

@cheyang
Copy link
Collaborator

cheyang commented Jan 23, 2024

/test fluid-e2e

cheyang
cheyang approved these changes Jan 23, 2024
View reviewed changes
Copy link
Collaborator

@cheyang cheyang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@fluid-e2e-bot fluid-e2e-bot bot added the lgtm label Jan 23, 2024
@fluid-e2e-bot fluid-e2e-bot
Copy link

fluid-e2e-bot bot commented Jan 23, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cheyang

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@fluid-e2e-bot fluid-e2e-bot bot merged commit d4c82f1 into fluid-cloudnative:master Jan 23, 2024
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cheyang cheyang cheyang approved these changes

Assignees

@cheyang cheyang

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@TrafalgarZZZ @cheyang